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ABSTRACT 


The  increasing  number  of  computer  failures  and  crimes 
has  forced  managers  to  tighten  the  control  procedures  of 
their  EDP  systems.  However  the  cost  of  an  exhaustive  control 
strategy  is  often  very  expensive,  and  its  effectiveness  is 
not  guaranteed.  This  study  designs  and  implements  a  Decision 
Support  System  that  helps  determine  optimal  control 
procedures  for  EDP  systems  (CEA-DSS) . 

The  model  base  of  the  proposed  DSS  consists  of  various 
techniques  for  estimating  computer  exposures.  The  latter 
can  be  interactively  analyzed  via  a  Dialogue  interface  that 
supports  tabular  and  graphic  outputs.  CEA-DSS  also  provides 
extensive  database  management  capabilities  to  keep  track  of 
the  diverse  control  problems.  It  is  implemented  in  Pascal 
for  the  IBM-PC. 
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I.   INTRODUCTION 

A.   DEFINITION  OF  THE  PROBLEM 

Management's  concern  over  adequate  controls  is  useless 
if  the  data  processing  system  designers,  EDP  auditors  and 
their  managers,  do  not  have  the  proper  training  and  control 
techniques  to  utilize  when  designing  or  reviewing  the 
controls  associated  with  computer  systems. 

No  one  has  ever  made  a  convincing  estimate  of  the  total 
cost  of  intentional  and  unintentional  loss-causing  acts 
associated  with  Electronic  Data  Processing  <EDP>  processes, 
but  it  is  clear  that  the  cost  is  high.  Recently,  many 
articles  in  professional  journals  as  well  as  textbooks  on 
EDP  controls  have  been  published  responding  to  the  urgency 
of  protection  and  prevention  of  computer  failures  and 
frauds.  Most  of  these  studies  focus  on  the  identification 
of  potential  exposures,  understanding  of  current  control 
technology  and  the  elaboration  of  EDP  audit  trails.  These 
articles  also  refer  to  the  importance  of  estimating  costs 
and  benefits,  the  integration  of  different  audit  processes, 
and  the  various  natures  of  computer  failures  and  correspond- 
ing protection  and  prevention  measures  tRef .  1  and  23 . 
However  a  more  formalized  methodology  remains  to  be  desired. 

As  a  consequence  of  this  lack  of  formalized  framework, 
the  design  of  EDP  control  systems  frequently  relies  on 
subjective  estimations  of  the  'EDP  controller'  or  the 
'evaluator'  for  performing  Cost-Effectiveness  Analysis 
(CEA).  This  approach  has  two  major  disadvantages.  First,  the 
dense  and  complex  inter-relationships  between  potential 
computer  errors  and  related  types  of  control  procedures  may 
make  difficult,  if  not  impossible,  for  the  EDP  auditor  to 
capture  the   totality  of   the  problem.   Second,  the  combined 
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use  of  control  procedures  may  cause  uncontrollable  and 
undesirable  effects.  For  example,  over-auditing  reduces  the 
throughput  of  the  computer  system  due  to  delays  caused  by 
redundant  control  measures,  or  under-auditing  reduces  the 
protection  effectiveness  due  to  incomplete  control  measures. 

B.   THE  NEED  FOR  CONTROL  AND  SECURITY  OF  COMPUTER  SYSTEMS 

The  management  of  an  entity  is  responsible  for 
establishing  and  maintaining  adequate  controls.  The 
establishment  and  maintenance  of  a  system  of  controls  is  a 
significant  management  obligation. 

A  complex  on-line  data  communication-oriented  system 
consists  of  various  combinations  of  hardware,  software, 
facilities,  people,  and  the  policies  and  procedures  that 
interrelate  these  components.  The  many  diverse  components 
and  potential  entry-points  into  a  complex  on-line  system 
make  it  possible  for  a  person,  with  sufficient  technical  or 
applications  knowledge,  to  enter  the  system  and  make 
unauthorized  manipulations  of  data,  programs,  or  operational 
procedures.  Furthermore,  control  procedures  for  an  on-line 
system  cut  across  many  lines  of  responsibility  within  an 
organization,  creating  a  control  problem  in  itself. 

As  the  number  of  more  sophisticated  computer  installa- 
tions increases  rapidly,  computers  are  taking  on 
increasingly  responsible  work.  The  more  vital  the  work  of 
the  computer,  the  more  important  is  to  protect  it  from 
failure  and  catastrophe,  and  from  criminals  and  people 
who  misuse  its  power.  The  following  are  typical  cases  of 
critical  computer  implementations  CRef.  33: 

A  large  city  uses  a  computer  for  controlling  its 
police  operations.  All  police  vehicles  and  ambulances 
are  dispatched  by  men  using  terminals  that  inform  them 
of  the  current  emergencies.  If  the  computer  system  was 
put  out  of  action,  many  of  the  operations  could  not  be 
controlled . 

747s  approaching  a  congested  airport  are  prevented 
from  colliding  by  a   computerized   air   traffic  control 
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system.  The  air  traffic  density  has  been  allowed  to 
increase  to  such  a  level  that  it  could  not  be  handled 
without  the  computer  system. 

A  variety  of  nuclear  weapon  systems  are  under  computer 
control.  The  decision  to  launch  a  defensive  nuclear 
attack  is  made  by  men  reacting  quickly  to  information 
from  computer  systems. 

Commercial  data  banks  contain  trade  secrets  and  other 
information  that  could  be  worth  many  millions  of 
dollars  to  the  competitors. 

Functions  like  these  demand  for  data  integrity,  security 
and  privacy.  The  data  processing  function  must  not  loose 
vital  data,  introduce  errors  into  them  and  permit  unauthori- 
zed persons  to  read  or  modify  the  data. 


C.  SCOPE  OF  THE  THESIS 

A  conventional  life  cycle  of  a  computer  audit  process 
consists  of  the  following  six  phases: 

1.  Information  gathering. 

2.  Evaluation  of  current  control  technique. 

3.  Identification  of  new  control  measures  or  strategies. 

4.  Selection  of  control  strategy. 

5.  Implementation. 

6.  Ex-post  evaluation. 

This  thesis  concentrates  only  on  the  fourth  phase, 
the  selection  of  control  strategy,  attempting  to  apply  the 
Decision  Support  Systems  <DSS)  technology  into  the  cost 
effectiveness  auditing  process. 

D.  OBJECTIVE 

The  objective  of  the  thesis  is  to  introduce  a  D5S  for 
CEA .  This  may  help  EDP  auditors  and  computer  center  managers 
to  design  successful  EDP  control  and  security  systems,  and 
monitor  the  effectiveness  of  the  existing  ones. 

The  issue  of  interactiveness  seems  to  be  critical  in 
this  context  since  the  process  of  controlling  EDP  systems  is 
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expected  to  be  not  frequent.  The  importance  of  interactive- 
ness is  further  accentuated  when  EDP  controllers  face  a 
large  combination  of  controls.  Assuming  that  the  DSS 
learning  curve  of  the  end-user  is  low  to  none,  the  proposed 
DSS  emphasizes  on  the  user  friendliness  of  the  system. 

E.   CHAPTER  OUTLINE 

Chapter  2  gives  a  summary  description  of  the  CEA  Model 
that  the  DSS  attempts  to  apply.  The  third  chapter  provides  a 
framework  addressing  user  requirements  and  functions  that 
the  DSS  has  to  meet. 

The  fourth  chapter  is  concerned  about  the  detail  design 
of  the  Dialog  Component  of  the  system.  The  fifth  chapter 
discusses  the  design  of  the  Model  Component.  The  sixth 
chapter  describes  the  design  of  the  Data  Component,  and  the 
seventh  chapter  focuses  on  the  Database  design  which  is  part 
of  the  Data  Component. 

The  implementation  of  the  DSS,  along  with  implementation 
problems  encountered,  is  discussed  in  chapter  8.  Chapter  9 
gives  an  example  of  the  system's  operation  simulating 
the  selection  of  control  strategy  process. 

Finally,  possible  future  extensions  of  the  proposed  DSS 
and  concluding  comments  are  discussed  in  the  last  chapter. 
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II.   THE  CEA  MODEL 

The  purpose  of  a  cost-effectiveness  analysis  is  to 
determine  the  most  cost  effective  control  strategy  to  reduce 
or  eliminate  potential  errors  and  failures.  It  has  been  a 
generally  accepted  view  that  CEA  is  best  used  when  it  is 
integrated  in  the  whole  audit  process.  Some  definitions  of 
the  basic  concepts  are  necessary  to  the  understanding  of 
the  CEA  Model  [Ref.  43. 

A.   DEFINITIONS  OF  BASIC  CONCEPTS 

1 .  The  Concept  of  Exposures 

The  key  element  to  start  a  CEA  is  not  control  but 
exposure.  The  concept  of  exposure  is  based  on  the  assumption 
that  the  degree  of  vulnerability  of  computer  systems  may  be 
reduced  by  enforcing  EDP  control  measures,  but  cannot  be 
totally  eliminated  due  to  some  errors  that  remain  unpredict- 
able or  unable  to  fully  corrected. 

2 .  Costs  of  Controls 

Costs  of  EDP  controls  include  all  costs  associated 
with  the  design,  implementation  and  use  of  the  controls. 
With  experience  gained  in  designing  and  implementing  control 
systems,  the  costs  become  easier  to  be  identified  and 
quantified . 

3 .  Benefits  of  Controls 

The  identification  and  quantification  of  benefits 
derived  from  control  measures  is  very  difficult.  One  way  to 
look  at  benefits  is  to  interpret  them  as  a  function  control 
effectiveness . 
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4.  Effectiveness  of  Controls 

The  effectiveness  of  a  control  is  the  extent  to 
which  this  control  can  reduce  or  minimize  the  probability 
that  an  exposure  occurs,  reduce  the  damage  if  an  exposure 
happens,  and/or  recover  quickly  from  a  damage.  Therefore 
the  reliability  or  performance  of  a  control  can  be  expressed 
as  a  percentage  of  control  effectiveness  relative  to  the 
related  exposure. 

5.  Inter dependencies  between  Controls 

Often,  a  control,  though  primarily  aimed  at  correct- 
ing a  specific  exposure,  may  affect  one  or  more  other 
exposures.  Such  interdependencies  may  dramatically  affect 
the  effectiveness  of  an  EDP  control  system. 

B.  ASSUMPTIONS 

The  model  assumes  that  the  following  conditions  hold: 

Managers  and  auditors  have  limited  time  and  capital 
resources  for  EDP  controls. 

Each  corporate  computer  system  is  characterized  by 
its  specific  and  unique  control  structure. 

Independence  between  potential  failures  or  errors 
within  a  computer  system. 

Each  applied  control  is  expected  to  prevent,  correct 
or  eliminate  one  or  more  potential  errors,  and/or 
affect  others  positively  or  negatively. 

Costs  for  EDP  controls  are  known  and  quantifiable 

C.  SUMMARY  DESCRIPTION  OF  THE  MODEL 

Table  1  lists  all  the  variables  involved  in  the  mathema- 
tic  formulas  of  the  model.  The  CEA  Model  consists  of  the 
following  steps: 

1 .   Define  all  Possible  Control  Sets 

A  control  set  is  simply  a  combination  of  different 
available  EDP  controls.  If  there  are  n  independent  controls, 
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TABLE  1 

DEFINITION  OF  VARIABLES  USED  BY  THE  MODEL 

Symbol 

Description 

m 

Number  of  pot.ent.ial  errors  or  exposures 

n 

Number  of  individual  control  activities 

*i 

Control  activity,  where  i  =  1  to  n 

Ci 

Costs  of  implementing  a 

S 

Number  of  control  sets 

*k 

Control  set,  where  k  =  1  to  S 

e3 

Potential  error  or  exposure,  where  j  =  1  to 

m 

Pr<e  ) 

Probability  that  e   occurs 

d, 

Amount  of  damage  when  e   occurs 

lJ 

Expected  damage  caused  by  e 

*ij 

Effectiveness  of  control  ai  on  exposure  e 

V 

i 

Expected  benefits  obtained  from  a 

\ 

Expected  benefits  obtained  from  s 

k 

\ 

Expected  loss  resulted  in  using  s 

k 

\ 

Costs  of  implementing  s 
*                     y   k 

TC 
k 

Total  cost  associated  with  s 

k 

18 


the  maximum  number  of  control  sets  is  defined  as  follows: 

n 
S   =   Z  Cn!  /  <i!  •  <n  -  i) ! )] 

i  =  l 

This  combinatorial  approach  provides  an  exhaustive 
identification  of  control  sets.  However,  it  may  lead  to  a 
huge  amount  of  possible  combinations,  when  n  becomes  big. 

2.   Compute  Expected  Cost  due  to  EDP  Exposures 

Expected  losses  due  to  occurrence  of  EDP  exposures 
can  be  estimated  using  the  weighted  probability  function, 
the  P.E.R.T.  method  under  the  Accounting  definition,  and/or 
the  ranking  method. 

Under  the  weighted  probability,  given  an  exposure, 
the  probability  0f  its  occurrence,  and  the  amount  of  its 
damage,  the  expected  loss  is  defined  as  follows: 

1   =  Pr(e  )  •  d 

Under  the  P.E.R.T.  method,  given  an  exposure  and  the 

smallest ( 11  ) ,   the   most  likely<12  )   and   the  largest<13  ) 

estimated  dollar  losses  if  the  exposure  occurs,  the  expected 

loss  is  defined  as  follows: 

1   =  (11   *  12   +  13  )  /  6 
3  3  3  3 

The  Ranking  method  is  based  on  two  types  of  subject- 
ive rating  scales  related  to  the  Rank  P  and  the  Rank  Q. 
Rank  P  is  the  probability  of  occurrence  of  computer  failures 
and  Rank  Q  is  the  amount  of  damage  caused  by  a  potential 
exposure.  Given  P  and  Q,  the  expected  loss  can  be  computed 
as  follows: 

(P+Q-3) 
1   =  10         /  4 
3 
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3.   Compute  the  Value  of  each  Control  Activity 

The  value  of  a  control  activity  a,  is  defined  as 
the  sum  of  the  products  between  the  expected  amount  of 
damage  1   and  the  effectiveness  of  a,  on  exposure  e  : 

J  1  J 


m 

Z  <1 
3  =  1 


fi3> 


4.   Compute  the  Total  Value  of  each  Control  Set 


The  calculation  of  the   value   of   each   control  set 

must   take   into   consideration   joint   effects   of  multiple 

control  activity   on  single  exposure.   For  all  a    contained 

i 

in  s  : 
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n 
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m 
<  Z  (1 


i=l   3=1 
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5.   Compute  the  Total  Expected  Loss  for  each  Control  Set 

The  enforcement  of  control  measures  is  likely  to 
reduce  the  probability  of  occurrence  of  computer  failure 
and,  consequently,  the  expected  loss.  However  the  reduction 
of  expected  loss  is  effective  only  on  the  exposures  that  are 
affected  by  controls.  The  computation  of  expected  losses 
includes  joint  effects  of  control  activities.   Thus,  for  all 
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i=l   3=1 


fi3)J 


n 


if  fi3  >    °-    fP3  =  °' 
for  all  p;  a   €  s 


n     m 

♦  z  (  z  <i  -<i-  n  -<i-f  ,)))>  if  f  ,,  f„,  >  o, 

i=l   j  =  l   3     i=1      iJ  iJ    PJ 

for   all  i^p;  a   €  s 
m  P     * 

Z  1  else 

l.  ;,  =  !  3 


6.  Compute  the  Cost  for  each  Control  Set 

The  cost  of  the   control  set  C,  ,   is  the  sum   of  the 

k 
costs  of  the  individual  control  activities  in  the  set: 

n 

C,   =   Z  cJ        if   a.  €  s,  ,  k  =  1,5 
k     i=i  i  1     k 

7.  Compute  the  Benefit  Cost  Ratio  for  each  Control  Set 

The  Cost  Benefit  Ratio   of  a   control  set  s,   can  be 

k 

defined  as   the  gross  value   of   s  (step  4)   divided   by  the 
total  cost  of  the  set(step  6): 

BCR   =   V,  /  C,      where  k  =  1,S 
k     k 

8.  Compute  Total  Expected  Cost  for  each  Control  Set 

The  total   expected  cost   for  the  control  set  is  the 

sum  of  the  total  cost  of  control  C    plus  the  total  expected 

k 

loss : 

TC,    =   C   +  L,      where  k  =  1,S 
k       k     k 

9.  Select  the  Optimal  Control  Set 

The  determination  of  an  optimal  control  set  depends 
on  the  selection  criterion  adopted  by  EDP  managers  or 
auditors.  One  can  either  choose  the  control  set  that  minimi- 
zes the  total  expected  cost(TC^)  or  the  one  that  maximizes 
the  Benefit  Cost  Ratio(BCR).  BCR  represents  the  amount  of 
benefits  obtained  per  unit  of  cost  of  the  investment. 

Figure  2.1  represents  the  whole  process  of  the  CEA 
Model . 
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Figure  2.1    The  Process  of  the  CEA  Model 
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III.   THE  DSS  FRAMEWORK 

The  literature  on  DSS  agree  upon  the  ©mergence  of  the 
three  main  components  of  a  DSS:  the  Dialog  component,  the 
Model  component  and  the  Data  component.  The  separation  of 
these  components  can  result  in  simplicity  of  development  and 
maintenance  CRef.  53.  Although  these  advantages  are  extreme- 
ly desirable,  there  are  cases  where  the  complexity  of  the 
model  component  makes  the  complete  separation  ineffective. 

The  CEA-DSS  falls  in  that  category  because  the  nature  of 
the  CEA  Model  requires  a  fairly  complex  and  restrictive  User 
Interface.  The  Quick-hit  development  strategy,  according  to 
which  the  DSS  has  been  developed,  consists  of  using  the 
latest  technology  to  quickly  design  a  low-cost  system  for 
immediate  pay-off  CRef.  63 . 

A.   THE  ROLES  AND  FUNCTIONS  OF  THE  CEA-DSS 

From  the  decision  maker   point   of   view,   the   user  may 

expect  CEA-DSS  to  perform  the  following  functions: 

Save  substantial  amount  of  time  to  generate  the 
numerous  alternative  control  combinations." 

Support  him  or  her  to  evaluate  the  alternatives  and 
choose  among  them  the  alternative  that  fits  better  at 
the  particular  situation  according  to  the  available 
budget . 

Provide  the  capability  to  monitor  EDP  control  and 
security  systems  in  terms  of  Cost-Effectiveness. 

Provide  graphical  and  tabular  analyses  to  help  the 
decision  maker  select  close  alternatives. 

From  a   system  analysis   viewpoint  ,  CEA-DSS  essentially 

performs   the   roles   of   data   analysis   and   generation  of 

expected   costs   and   benefits   of   control  strategies.  Data 

analysis  also  allows  the  decision  maker  to  sort  the  data. 
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B.   THE  SYSTEM  RESOURCES 

Decision   processes    are   dependent   on   variations   in 

decision  makers,  i.e.  users,  as  well  as  types  of  problems  or 

tasks.  Observations  on  decision  makers  indicate  that: 

Many  users  have  trouble  describing  a  decision-making 
process.  They  seem,  instead,  to  rely  on 
conceptualizations,  such  as  graphs  or  tables,  when 
making  or  explaining  a  decision  CRef .  7] .  Thus  the  DSS 
must  help  the  user  to  conceptualize  a  problem. 

Users  need  memory  aids  CRef.  8] .  These  memory  aids 
may  be  physical,  such  as  scratch  paper,  memos,  or 
reports.  The  DSS  should  provide  memory  aids  compatible 
with  their  needs.  Directories,  databases,  workspaces, 
triggers  are  some  typical  memory  aids  the  DSS  should 
provide  the  user. 

Users  have  different  styles,  skills  and  knowledge 
CRef.  9] .  Therefore,  if  the  DSS  is  designed  to  support 
a  specific  process,  it  would  probably  support  a 
specific  set  of  styles,  skills  and  knowledge. 

Users  expect  to  exercise  control  over  the  DSS.  Direct 
control  of  the  DSS  allows  the  DSS  to  satisfy  the 
different  styles  mentioned  above.  The  user  must 
understand  what  the  DSS  can  do  and  be  able  to  interpret 
its  outputs. 
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IV.   THE  DIALOG  COMPONENT 

The  dialog  component,  is  the  most  elegant  part  of  the 
D5S  design.  There  are  no  absolute  rules  or  algorithms  for 
the  design  process.  It  is  often  left  upon  the  intuition  of 
the  designer  to  balance  user  requirements  with  system 
requirements  and  provide  the  optimal  dialog  component. 

The  dialog  component  of  the  CEA-D55  consists,  at  least 
conceptually,  of  the  following  three  main  units: 

The  user  interface. 

The  intermodule  linkage. 

The  control . 

A.   THE  USER  INTERFACE 

The  user  interface  unit  provides  the  link  between  the 
user  and  the  system.  Its  primary  concern  is  to  make  .the 
system  'user  friendly' .  Even  if  a  DSS  provides  extremely 
powerful  functions,  it  may  not  be  used  if  the  user  interface 
is  unacceptable. 

For  the  CEA-D55  a  full  screen  frame  is  the  standard 
presentation  of  the  system  to  the  end-user.  The  user,  having 
only  one  screen  format  to  deal  with,  gets  familiar  with  the 
system  faster . 

The  man-machine  interaction  is  carried  out  through 
menus,  questions/answers,  messages,  input/output  forms, 
graphics,  printed  reports  and  a  help  facility. 

1 .   The  Frame 

Figure   4.1   shows   the   frame  of  the  CEA-DSS.  It  is 
divided  into  the  following  areas: 

The  PROBLEM  area.  In  this  area   appears  the  description 
of  the  problem  currently  processed. 
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The  ACTION  area.  This  area  informs  the  user  about  which 
part  of  the  system  is  currently  accessed. 

The  WORK  area.  This  is  the  place  where  the  greatest 
part  of  the  dialog  is  accomplished.  All  the  menus, 
messages,  input/output  forms  and  the  directory  of  the 
DSS  appear  here. 

The  SUBMENU/SELECTION  area.  In  this  area  appear 
submenus  in  line  format  and  the  user  is  asked  to  make  a 
selection.  This  area  is  also  reserved  for 
question/answers  and  the  'press  any  key..'  prompt, 
reminding  the  user  that  the  system  is  waiting  for  some 
action. 


EFFECTIVENESS  OF  CONTROL  AND  SECURITY  OF  COMPUTER  SYSTEMS 

PROBLEM:              ACTION: 

WORK  AREA 

SUBMENU/SELECTION  AREA 

Today  Is:  ##/##/#### 

Figure  4.1    The  Frame  of  the  CEA-DSS 

2.   The  Menus 

The  menus  of  the  CEA-DSS  are  organized  in  a  four 
level  tree  hierarchy.  The  root  of  the  tree  is  the  MAIN  MENU 
of  the  system.  From  this  menu  can  be  called  any  menu  that 
belongs  in  the  second  level.  The  latter  contains  has  the 
DATABASE  MENU,  the  MODEL  MENU,  and  the  SENSITIVITY  ANALYSIS 
MENU.  The  third  level  consists  of  the  database   submenu,  the 
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CONTROL  STRATEGY  MENU,  the  GRAPHICS  MENU  and  the  PRINT 
MENU.  Finally,  in  the  fourth  level  there  are  the  control 
strategy,  the  graphics  and  print  submenus.  Figure  4.2  shows 
the  tree  hierarchy  of  the  menus. 

One  level  at  a  time,  upwards  or  downwards,  is 
allowed  for  the  same  branch  of  the  tree.  Changes  from  one 
branch  to  another  require  the  control  to  be  routed  up  to  the 
root  of  these  two  branches.  Although  this  is  a  little 
restrictive  for  the  user,  it  improves  the  indermodular 
independence  and,  consequently,  the  overall  control  and 
clarity  in  the  system. 

All  the  menus,  submenus  not  included,  have  their  own 
help  command  which  the  user  may  use  to  get  some  useful 
information  about  the  area  of  the  DSS  he/she  is  currently 
accessing.  Most  of  the  menus  are  discussed  in  Chapter  9. 

3  .   Questions/ Answers 

There  are  a  few  questions/answers  in  the  CEA-DSS. 
They  are  used  either  in  cases  where  the  system  must  be 
reassured  that  the  user  made  the  correct  selection,  or  for 
single  data  entries. 

4 .   Messages 

Messages,  almost  always,  appear  at  the  center  of  the 

work  area  accompanied  by  a  'beep'  sound.  Messages,  according 

the  reason  of   their   initiation,   fall   into   the  following 

three  categories: 

Trigger   Messages.   These   remind  the  user  that  certain 
operations  ma] 
cannot  accomp! 


operations  may  need  to   be   performed   that   the  system 
)lish  . 


Informal  messages.  They  inform  the  user  about  what 
process  is  the  system  performing.  The  primary  concern 
of  this  category  is  to  cover  the  gaps  in  the  dialog 
caused  by  time  consuming  processes. 

Error  Messages.  They  are  initiated  when  the  user 
supplies  the  system  with  incorrect  entries.  While 
editing  exposures  or  controls,  'beep'  sounds  notify  the 
user  for  entry  errors. 
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Figure  4.2    Menus'  Tree  Hierarchy 
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All  messages  along  with  the  reason  that  causes  their 
initiation  are  listed  in  Appendix  A. 

5.  Input /output  Forms 

The  system  needs  only  three  forms  for  its  operation. 
Two  of  them  are  input/output  forms  and  one  output  form.  One 
input/output  form  is  dedicated  to  the  Control  activities  and 
the  other  one  to  the  Exposures.  Both  are  used  by  the 
Database  Management  System  for  editing  purposes.  The  output 
form  is  used  by  the  Sensitivity  Analysis  for  presenting 
the  most  effective  or  most  cost  effective  Control  Strategy. 

Figure  4.3  shows  the  two  input/output  forms.  Fields 
filled  with  Xs  indicate  that  any  character  is  valid,  while 
9s  represent  numeric  characters  only.  Notice  that  the 
control  input/output  form  is  a  variable  one.  The  number  of 
the  "'Effectiveness  on  Exposure"  fields  that  appear  on  the 
form  depends  on  the  number  of  Exposures. 

6.  Graphics 

The  objective  of  the  graphics  part  is  to  help  the 
user  conceptualize  the  differences  among  alternatives  over 
the  cost  range  he/she  prefers.  Graphics  can  also  be  used  to 
supply  parameters  for  the  operations.  For  example,  a  point 
selected  on  a  graph  can  identify  a  key  value  that  will  be 
used  to  retrieve  detailed  information.  Representations  like 
curves  and  histograms  are  the  most  appropriate  for  this 
particular  application. 

7 .  Printed  Reports 

Although  not  technically  a  part  of  the  DSS,  printed 
reports  are  aimed  to  provide  the  user  with  an  easy-to-read 
summary  of  the  processed  problem.  This  summary  consists  of 
the  exposure  table,  the  control  table  and  the  listing  of 
the  sets  generated  by  the  model .  The  user  may  select  any  of 
these  reports  or  all  of  them  to  be  printed. 
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PROBLEM 

:  PROBLEM 

ACTION:  ADD  EXPOSURE 

Index: 01 

Descnption:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 

WEIGHTED:  Daaage: $99999999    Probabi] 

ity:0.999 

P.E.R.T:  Saal lest: $99999999  Host  Likely :$99999999   Largest: $99999999 

RANKS: 

Rank  P:9.999       Rank  Q:9.999 

Rank  P  Daaage  caused  by  error 

Rank  Q 

Damage  caused  by  failure 

0 

virtually  impossible 

0 

negligible 

1 

Bight  hapoen  once  in  400  years 

1 

about       $10 

2 

light  happen  once  in  40  years 

2 

about      $100 

3 

Bight  happen  once  in   4  years 

3 

aoout     $1,000 

4 

night  haopen  once  in  100  flays 

4 

aoout    $10,000 

5 

Bight  happen  once  in  10  flays 

c 
J 

about   $100,000 

6 

might  napoen  once  in   1   day 

6 

about  $1,000,000 

7 

Bight  happen  ten  tines  a  day 

7 

over   $1,000, 0O0 

IS  RECORD  CORRECT (Y/N)?  : 

Today  Is:  8/19/1985 
1 

PROBLEM:  PROBLEM 1 


ACTION:  ADD  CONTROL 


lnoex:01    DescriotionrXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 
Cost: $99999999 


Effectiveness 

on 

Exposure 

1: 

0.999 

Effectiveness 

on 

Exposure 

c : 

0.999 

Effectiveness 

on 

Exposure 

0.999 

Effectiveness 

on 

Exposure 

4: 

0.999 

Effectiveness 

on 

Exposure 

0.999 

Effectiveness 

on 

Exposure 

6: 

0. 999 

Effectiveness 

on 

Exposure 

7. 

0.999 

Effectiveness 

on 

Exposure 

8: 

0.999 

Effect lveness 

on 

Exposure 

9: 

0.999 

Effectiveness 

on 

Exposure 

10: 

0.999 

Effectiveness 

on 

Exposure 

11: 

0.999 

Effect lveness 

on 

Exposure 

12: 

0.999 

Effect lveness  on  Exposure  13:  0.999 

Effectiveness  on  Exposure  14:  0.999 

Effectiveness  on  Exposure  15:  0.999 

Effectiveness  on  Exposure  16:  0.999 


IS  RECORD  CORRECT (Y/N)?  : 


i  Today  Is:  8/19/1985 


Figure  4.3    Input/output  Forms 
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8.   Help 

The  purpose  of  the  help  facility  is  to  provide  the 
user  with  on-line  information  about  the  specific  area  of  the 
system  he/she  is  currently  accessing.  Each  help,  one  for 
each  menu,  is  written  in  such  a  level  of  detail  that  enables 
its  presentation  in  one  full  screen  frame  only.  All  help 
documents  appear  in  Appendix  B. 

B.  THE  INTERMODULE  LINKAGE 

This  unit  assures  the  liaisons  with  the  model  and  the 
data  component.  Usually,  it  is  maintained  by  a  set  GOTO, 
CASE  and  IF_THEN_ELSE  statements.  Its  nature  and  structure 
are  highly  dependent  on  the  programming  language  and  the 
hardware  configuration  being  used  for  the  CEA-DSS. 

C.  THE  CONTROL 

On  the  one  hand,  as  in  section  3.B  stated,  users  expect 
to  exercise  control  over  the  DSS.  On  the  other  hand,  the 
system  has  to  control  its  processes  to  assure  an  error  free 
operation,  not  affected  by  incorrect  entries  and  requests. 
The  control  unit  is  the  part  of  the  dialog  component  which 
bridges  these  two  requirements.  It  is  the  filter  between  the 
user  interface  and  the  intermodule  linkage  unit.  Validation 
of  input  data  and  verification  of  user  requests  are  its 
primary  functions.  All  the  error  messages  are  initiated  by 
this  unit.  Finally,  it  can  be  stated  that  the  control  unit 
provides  the  boundaries  within  which  the  user  is  allowed  to 
control  the  process. 
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V.   THE  MODEL  COMPONENT 

The  most  important  units  of  the  model  component  are 
the  Model  Base, the  Model  Base  Management,  the  Model  executi- 
on, the  Sensitivity  Analysis,  the  Dialog  Interface  and  the 
Data  Interface. 

A.   THE  MODEL  BASE 

The  following  five  routines,  required  for  the  CEA  Model, 
are  the  content  of  the  model  base  for  the  CEA-DSS.  (The 
mathematical  definition  of  these  methods  was  discussed  in 
section  2. C) . 

1 .  The  Weighted  Method 

This  routine  computes  the  expected  cost  due  to  EDP 
exposures  using  the  weighted  probability  function.  It 
retrieves  the  required  data,  directly  from  the  data  base, 
manipulates  the  data  and  stores  the  results  in  memory  for 
subsequent  computations. 

2.  The  P.E.R.T.  Method 

It  is  exactly  the  same  with  the  Weighted  Method 
routine  except  that  it  uses  the  P.E.R.T.  method  to  compute 
the  expected  cost  due  to  EDP  exposures. 

3.  The  Ranking  Method 

Similar  to  the  others,  it  computes  the  expected  cost 
due  to  EDP  exposures  using  the  Ranking  Method. 

4.  The  Effective  Control 


The  role  of  this  routine  is  twofold:  To   compute  the 
Value  of   each  Control   activity  and,  if  possible,  to  reduce 
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the  number  of  the  control  activities  that  will  be  actually 
used  in  the  generation  of  the  control  sets.  The  routine, 
having  the  results  of  one  of  the  tree  methods,  retrieves, 
directly  from  the  database,  data  related  to  the  Control 
activities.  For  each  Control,  it  computes  first  the  value 
and  then,  it  compares  that  value  with  the  associated  cost. 
If  the  value  is  greater  that  the  cost,  the  result  is  sent  to 
a  secondary  storage  for  subsequent  computations.  If  the 
value  is  less  or  equal  to  the  cost,  the  Control  activity  is 
ignored . 

5.   The  Control  Sets 

The  output  of  the  Effective  Control  routine  is  used 
by  the  Control  Sets  to  generate  the  control  sets,  ^or  each 
control  set  it  computes  the  steps  4  to  8  described  in  the 
CEA  model.  If  the  Total  Value  of  the  set  is  greater  than  its 
cost,  the  set  is  stored  in  the  database  for  decision 
analyses   support,  otherwise  it  is  ignored. 

B.   THE  MODEL  BASE  MANAGEMENT 

The  role  of  the  Model  Base  Management  is  to  coordinate 
the  model  base  and  the  data  analysis  functions.  Since  the 
CEA-DSS  is  aimed  to  support  only  the  model  described  in 
Chapter  II,  the  Model  Base  Management  does  not  provide  for 
on-line  modeling  or  model  update  and  restructure. 

Its  most  important  function  is  to  enable  the  user  to 
utilize  the  model  base  fully  for  decision  support  and  to 
perform  analysis  of  the  results.  This  function  is  performed 
by  iterative  rerun  of  the  model . 

Also,  it  is  responsible  to  update  the  Problem  record, 
kept  in  the  directory  of  CEA-DSS,  with  key  information  about 
the  model  runs.  Thus,  any  future  reference  to  this  problem 
will  not  require  any  model  execution,  except  if  modifica- 
tions take  place  on  the  initial  data  or  on  the  cost  range. 
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C.  MODEL  EXECUTION 

Contains  statements  to  call  routines  from  the  model 
base.  It  controls  the  execution  of  the  model  assuring  the 
logical  sequences  of  computation. 

D.  SENSITIVITY  ANALYSIS 

The  Sensitivity  Analysis  unit  helps  the  user  analyze  the 
results  of  the  model  runs.  It  is  directly  controlled  by  the 
dialog  component.  This  unit  consists  of  all  the  routines 
associated  with  graphic  representations,  control  strategy 
selection  and  hard  copy  reports. 

Input  data  for  the  sensitivity  analysis  are  the  control 
sets  in  the  set  files.  As  stated  earlier,  a  model  run  may 
produce  thousands  of  control  sets.  Therefore,  it  is  usual 
several  control  sets  to  have  exactly  the  same  cost.  Since 
the  amount  of  data  is  huge  and  the  analysis  is  primarily 
based  on  costs,  the  control  sets  in  a  set  file  must  be 
indexed  on  their  cost.  This  creates  the  requirement  for  the 
database  system  to  provide  for  direct  file  access  and  to 
allow  the  existence  of  duplicate  keys  within  the  same  index. 

E.  DIALOG  INTERFACE 

The  model  component  is  directly  interfaced  with  the 
dialog  component  in  order  the  user  to  gain  control  over  its 
processes.  He/she  is  able  to  select  the  desired  statistical 
method  and  cost  range  for  a  model  run  and  the  cost  range  for 
the  data  analysis  process. 

F.  DATABASE  INTERFACE 

The  model  component  is  directly  interfaced  with  the  data 
component.  This  enables  the  model  component  to  create  and 
delete  the  set  files  where  the  generated  control  sets  are 
stored . 
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VI.    THE  DATA  COMPONENT 

The  data  component  consists  of  two  main  units.  The 
the  Database  Management  System  and  the  Database  discussed 
in  the  next  chapter. 

A.  THE  DATABASE  MANAGEMENT  SYSTEM  (DBMS) 

The  complexity  of  the  Dialog  component  and  the  Model 
component,  as  well  as  the  effective  and  efficient  operation 
of  the  system  lead  to  the  selection  of  a  Relational  Database 
system.  One  characteristic  of  a  Relational  Database  is  the 
use  of  fixed  length  records.  However,  variable  length 
records  cannot  be  avoided.  Since  the  data  component  requires 
functions  like  addition,  deletion  and  modification  on  data, 
the  elimination  of  modification  anomalies  seems  to  be  of 
high  priority . 

The  DBMS  provides  capabilities  for  sequential,  indexed 
sequential  and  direct  file  access.  Indexes  are  organized  as 
B-trees.  In  a  B-tree,  a  data  unit  is  accessed  by  using  a 
key.  Any  given  key,  primary  key,  is  related  to  one  and  only 
one  data  unit  in  a  data  file.  The  system  permits  also  the 
existence  of  duplicate  keys  or  secondary  keys,  which  are  of 
great  importance  for  the  sensitivity  analysis  as  discussed 
in  the  previous  section. 

B.  FILES  USED  BY  THE  SYSTEM 

Files   in    the   system    can   be    divided   into   three 

categories,  according  to  their  initial  creation: 

Files  created  by  the  data  component.  These  are  the 
directory  of  the  system  and  its  index.  The  directory 
contains  all  the  problems  available  in  the  system's 
library  indexed  on  their  description.  Duplicate  problem 
description  is  not  permitted. 
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Files  initiated  by  the  user.  The  Controls  file  and 
the  Exposures  file  fall  in  that  category,  indexed  on 
their  'index'.  Index  is  a  unique  key  generated  by  the 
DBMS  for  management  purposes.  It  keeps  track  of 
modification  anomalies  and  makes  the  user's  work 
easier.  Actually,  it  identifies  the  current  position  of 
the  data  unit  in  the  data  file  and  NOT  the  data  unit 
itself. 

Files  created  by  the  model  execution.  Each  time  the 
model  is  executed  for  a  specific  method,  a  set  file  is 
created  indexed  on  set  cost.  Duplicate  keys  are 
necessary  here  because  it  is  possible  several  sets  to 
have  the  same  cost.  These  files  cannot  be  modified  by 
the  user  or  the  system . 


C.   FILE  CREATION/RETRIEVAL 

The   Data   component   has   the   flexibility  to  deal  with 

library  of  problems  and  not  with  only  one   problem.  In  order 

to  achieve   that,  it   must  have  the  ability  to  recognize  and 

retrieve  the  files  related  to  the  problem  in   request,  or  to 

create  files   for  that   problem,  if   it  is   not  found  in  the 

directory  of  the   CEA-DSS.   The   algorithm   followed   is  the 

following : 

The  directory  of  the  system  has  the  fixed  file  name 
'PROBLEM'.  The  data  file  has  the  fixed  filetype 
'DTA'and  its  index  the  'IDX'. 

All  the  files  created  for  one  problem  have  as  file 
name  the  description  of  the  problem. 

The  controls  file  has  as  filetype  the  'DCL'  and  its 
index  the  'ICL' . 

The  exposures  file  has  as  filetype  the  'DXP'  and  its 
index  the  'IXP' . 

For  the  set  files  the  algorithm  used  is  more 
complicated.  Additionally,  the  DBMS  must  be  provided 
with  an  identifier  indicating  the  method  to  which  the 
set  file  refers.  For  that  reason,  the  filetype  for  set 
files  is  separated  into  to  fields.  The  first  one,  one 
character  long,  identifies  the  method,  and  the  second 
one,  two  characters  long,  identifies  the  data  file  or 
the  index.  For  the  first  field,  the  letters  'W','P'  and 
'R'  correspond  to  the  Weighted , Pert  and  Ranking  method. 
For  the  second  field,  the  'DT'  denotes  the  data  file 
and  the  'IC  the  index  file. 
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VII.  DATABASE  DESIGN 

To  some  extent.  Database  design  is  an  intuitive  and 
artistic  process.  There  is  no  algorithm  for  it.  Typically, 
it  is  an  iterative  process.  During  each  iteration,  the  goal 
is  to  get  closer  to  an  acceptable  design.  The  database 
design  is  divided  into  two  phases:  logical  design,  where  the 
needs  of  user  are  specified,  and  the  physical  design,  where 
the  logical  design  is  mapped  into  the  constrains  of  particu- 
lar program  and  hardware  products. 

A.   LOGICAL  DATABASE  DESIGN 

1 .   Logical  Database  Records 

The  database  of  the  CEA-DSS  is  required  to  maintain 
four  different  kinds  of  records.  The  first  one,  the  PROBLEM 
record,  is  the  data  unit  of  the  system's  directory.  Each 
problem  has  its  own  unique  record.  This  record,  except  the 
problem  description,  contains  key  information  about  the 
most  recent  execution  of  the  model  on  that  problem.  The 
second,  is  the  EXPOSURE  record.  This  record  contains  the 
description  of  the  exposure  and  weights  for  the  three 
methods.  The  third,  the  CONTROL  record,  has  the  description, 
the  associated  cost  and  elements  indicating  the  effecti- 
veness of  the  control  activity  on  different  exposures.  The 
last,  the  SET  record,  is  the  output  of  the  model  execution 
and  contains  the  combination  of  the  control  activities,  and 
the  results  of  the  model  run.  Field  descriptions  for  the 
logical  database  records  are  shown  in  Table  2. 

Constraints  on  data  items  appear  on  Table  3.  These 
constraints  are  limitations  on  the  values  that  database  can 
have.  They  are  divided  into  three  groups.  Field  constraints 
limit   the   values  that   a   given   data   element   can   have. 
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TABLE  2 
LOGICAL  DATABASE  RECORDS 


Field 


Description 


PROBLEM  Record: 

Pr obi em _ Description 
Pr ob 1 em _ Creator 
Problem .Date 
Control s_ for _ 

Weigh ted_Met hod 
Controls  for_ 

P.E.R.T._Method 
Control s_f or _ 

Rank ing_ Method 
Wei gh ted _ Met hod _ 

Total _Cost_of .Controls 
P.E.R.T._Method_ 

Total _Cost_ of .Controls 
Ranking .Method 

Total  Cost  of  Controls 


Alphanumeric,  8  characters 
Alphabetic,  25  characters 
Format  MM/DD/YY 

Numeric < integer ) ,  2  digits 

Numeric < integer ) ,  2  digits 

NumericC integer ) ,  2  digits 

Numeric < integer ) ,  10  digits 

Numeric < integer ) ,  10  digits 

Numeric ( integer ) ,  10  digits 


EXPOSURE  Record: 

Exposure. Description 
Exposure. Damage 
Exposure.Probabi 1 1 ty 
Smal lest. Damage 
Most. Likely .Damage 
Largest. Damage 
Exposure. Ran kP 
Exposure. Ran kQ 


Alphanumeric,  50 
Numeric < integer ) , 
Numeric < real ) ,  5 
Numeric < integer ) , 
Numeric ( integer ) , 
Numeric ( integer > , 
Numeric ( real ) ,  5 
Numeric ( real ) ,  5 


characters 
8  digits 

digits 
8  digits 
8  digits 
8  digits 

digi ts 

digits 


CONTROL  Record: 

Control .Description 
Control. Cost 
Control. Effectiveness 
on.Exposure 


Alphanumeric,  50 
Numeric ( integer ) 


characters 
8  dig! ts 


Numeric ( real ) ,  5  digits 


SET  Record: 

Set.com bl nation 
Expected. Benef l ts 
Expected.Loss 
Set_Cost 
Expected  Cost 
benefit  Cost  Ratio 


Numeric ( binary ) , 
Numeric ( integer) 
Numeric ( integer) 
Numeric ( integer) 
Numeric ( integer ) 
Numeric ( real ) ,  5 


variable 
10  digits 
10  digits 
10  diqits 
10  digits 

digits 
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TABLE  3 
CONSTRAINTS  FOR  LOGICAL  DATABASE  RECORDS 

Field  Constraints: 

Problem_Description  must  not  be  null 
Controls_f or_Weighted_Method  must  not  be  0 
Controls_for_P.E.R.T._Method  must  not  be  0 
Controls_f or_Ranking_Method   must  not  be  0 
Exposure_Probability  must  be  from  0.000  to  0.999 
Exposure_RankP  must  be  from  0.000  to  7.000 
Exposure_RankQ  must  be  from  0.000  to  7.000 
Control_Ef f ectiveness_on_Exposure  from  0.000  to  0.999 
Benef it_Cost_Ratio  must  be  greater  than  1.000 

Intrarecord  Constraints: 

Most_Likely_Damade  greater  than  Smallest_Damage 
Largest_Damage  greater  than  Most_Likel y _Damage 

Interrecord  Constraints: 


Problem_Descr lption  must  be  unique 

Exposure_Descr iptlon  may  be  unique 

Control_Descr lption  may  be  unique 

The  number  of  Controls  f or _Weighted_Method  fields  must 
be  equal  or  less  than  Ehe  numDer  of  Control  records. 
The  same  must  be  true  for  the  Controls_f or _P . E . R . T  and 
Ranklng_Method . 

The  number  o±"  Control _Ef feet iveness_on_ Exposure  fields 
must  be  equal  to  the  number  of  Exposure  records. 

The  level  of  the  Set _Combmat ion  must  be  equal  or  less 
than  the  number  of  Control  records. 


39 


Intrarecord  constraints  limit  values  between  fields  within  a 
given  record.  Interrecord  constraints  limit  values  between 
fields  in  different  records  CRef  10] . 

2.    Logical  Database  Record  Relationship 

Figure  7.1  shows  possible  relationships  among  the 
records  used  by  CEA-DSS.  This  figure  is  a  data  structure 
diagram.  Single/double  arrow  notation  is  used  to  express  a 
one-to-many  relationship  and  double/double  arrow  represents 
a  many-to-many  relationship. 


PROBLEM 


EXPOSURE 


SET 


Figure  7.1    Data  Structure  Logical  Diagram 

The  above  complex  network  is  further  decomposed 
into  trees  in  order  the  database  to  be  able  to  deal  with 
the  data  requirements.  Figure  7.2  shows  the  decomposition 
of  the  complex  network.  It  is  a  four  level  tree  structure 
and  represents  relationships  according  to  the  model  specifi- 
cations. For  clarity  purpose,  the  Exposure  is  represented 
with  the   letter  'E'   and    the  Control  with  the  letter  'C. 
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The  dashed  lines  connecting  sets  with  controls  and  controls 
with  exposures  Indicate  that  It  la  not  necessary  for  a  set 
to  include  all  the  control  activities  or  a  control  activity 
to  influence  all  the  exposures. 


/  \ 


PROBLEM 


fi  E    BE    BE    E  S    BE    E  E 


Figure  7.2    Decomposition  of  the  Data  Structure 

3.   Data  Manipulation  in  the  CEA-D55  Database 

The  possible  transactions  and  the  data  that  the 
transactions  can  change  are  listed  in  Table  4.  Some  transac- 
tions change  data,  some  add  new  data,  some  delete  data  and 
some  are  simple  queries.  Queries  are  all  the  transactions  in 
the  sensitivity  analysis  part.  No  data  are  modified. 
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TABLE  4 
POSSIBLE  TRANSACTIONS  FOR  THE  CEA-DSS 


Transaction 


Data  or  Tranaaction  Involved 


NEW  PROBLEM 


DELETE  PROBLEM 


Add  one  record  in  the  directory 

Create  Control  and  Exposure  files 

Add,  at  least,  two  Exposures  and 
two  Control  activities 

Erase  Control  and  Exposure  files 

Erase  any  existing  Set  File 

Remove  the  Problem  record  from 
the  directory 

Erase  the  directory,  if  there  is 
not  another  problem  in  it 


ADD  EXPOSURE 


Add  one  record  in  the  Exposure  file 
Update  records  in  the  Control  file 


ADD  CONTROL 


Add  one  record  in  the  Control  file 


DELETE  EXPOSURE   Remove  record  from  the  Exposure  file, 

if  it  has  more  than  two  records 

Remove  references  to  this  Exposure 
from  the  Control  records 


DELETE  CONTROL 


Remove  record  from  the  Control  file, 
if  it  has  more  than  two  records 


EDIT  EXPOSURE     Modify  record  in  the  Exposure  file 


EDIT  CONTROL 


Modify  record  in  the  Control  file 


MODEL  EXECUTION   Erase  any  existing  Set  file  for  the 

selected  method. 

Create  Set  file 

Add  Control  Sets  in  the  Set  file 

Update  record  of  the  current  problem 
in  the  directory  of  the  system 
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B.   PHYSICAL  DATABASE  DESIGN 

During  the  second  phase  of  the  database  design,  the 
physical  design,  a  transformation  takes  place.  The  logical 
schema  is  transformed  into  the  particular  data  constructs 
that  better  satisfy  the  implementation  requirements  and 
constraints. 

1 .  Design  Constraints 

One  implementation  requirement  for  the  CEA-DSS  is  to 

be  used  on  microcomputers.   This  requirement   along  with  the 

other   requirements,   discussed   in  the  framework,  introduce 

the  following  constraints  for   the  physical   database  design 

phase : 

Integer  numbers  are  not  allowed  in  the  system.  All 
numbers  have  to  be  of  type  real  and  will  be  stored 
in  the  system  as  strings  of  characters. 

The  length  of  records  in  bytes  must  be  limited  as  much 
as  possible  because  of  microcomputer  limitations. 

Since  the  size  of  the  Control  record  depends  on  the 
number  of  the  Exposure  records,  the  number  of  Exposures 
for  one  problem  may  be  24  at  maximum. 

The  number  of  control  activities  for  one  problem  are 
limited  to  13  at  maximum.  Three  model  runs,  one  for 
each  method,  for  a  problem  having  13  control 
activities,  may  generate  up  to  24,576  set  records. 
These  records  need  at  least  3  Mbytes  to  be  stored. 

2.  The  Physical  Schema 

The  Physical  database  records  are  slightly  differen- 
tiated from  logical  records  to  satisfy  the  design 
constraints.  The  field  description  of  the  records  is  shown 
on  Table  5  where  all  numerics  are  of  type  real  and  the 
abbreviation  'char'  instead  of  'character'  is  used. 

Keys  are  identified  according  to  the  data  retrieval 
requirements.  The  record  relationships  and  constraints 
emain  the  same  as  in  the  logical  design. 

The  idea  of  having  flat  files  in  the  database  is 
infeasible  because  of  the  model's   computational  complexity. 
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TABLE  5 

PHYSICAL 

DATABASE  RECORDS 

Field 

DescriDt 

ion 

PROBLEM 

Record : 

Indexed 

on  Problem_Description 

Problem, 

Description 

Alphanumeric,  8  c 

bar 

Problem_ 

Creator 

Alphabetic,  25  ch< 

ar 

Problem_ 

Date 

Format  MM/DD/YY 

Controls 

_f  or_ 

Weight 

ed_Method 

Array ( 1 . 

.13)  of  2 

char 

Controls 

for 

P.E.R. 

T._Method 

Array ( 1 . 

.13)  of  2 

char 

Controls 

_f  or 

Rankin 

g  Method 

Array ( 1 . 

.13)  of  2 

char 

Weighted 

fiethod. 

Total 

Cost  of  Control 

a 

Numeric, 

10  char 

P.E.R.TT 

_Method_ 

Total_ 

Cost_of _Control 

s 

Numeric, 

10  char 

Ranking 

Method, ~ 

Total_ 

Cost_of _Control 

s 

Numeric, 

10  char 

EXPOSURE 

Record : 

Indexed 

on  Exposure_Ind 

ex 

Exposure 

_Index 

Numeric, 

2  char 

Exposure 

_ Description 

Alphanumeric,  50  char 

Exposure 

_Damage 

Numeric , 

8  char 

Exposure 

_Probabi 1 1 ty 

Numeric, 

5  char 

Smal lest 

_Damage 

Numeric, 

8  char 

Most_Lik 

ely_Damage 

Numeric , 

8  char 

Largest_ 

Damage 

Numeric, 

8  cnar 

Exposure 

RankP 

Numeric, 

5  char 

Exposure 

_RankQ 

Numeric, 

5  char 

CONTROL 

Record: 

Indexed 

on  Control_Index 

Control, 

Index 

Numeric , 

2  char 

Control, 

Description 

Alphanumeric,  50  char 

Control, 

Cost 

Numeric , 

8  char 

Control, 

Effectiveness, 

on_Exp 

osure ( 1 . . 24 ) 

Numeric, 

5  char 

SET  Record : 

Indexed 

on  Set, Cost 

Set,  comb  mat  ion 

Array ( 1 . 

.13)  of  2 

char 

Expected 

_  Benefits 

Numeric, 

10  char 

Expected 

_Loss 

Numeric , 

10  char 

Set_Cost 

Numeric , 

10  char 

Expected 

Value 

Numeric , 

10  char 

Expected 

Cost 

Numeric , 

10  char 

Benefit, 

Cost  Ratio 

Numeric , 

5  char 
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More  specifically,  the  use  of  flat  files  should  increase 
dramatically  the  time  required  for  a  model  run,  something 
undesirable  for  a  DSS . 

Variable  length  records  are  used  instead.  This 
variability  in  length  results  in  loss  of  storage  capacity 
because  the  record  occupies  space  equal  to  its  maximum 
length  regardless  its  actual  length.  This,  off-course,  is 
the  primary  disadvantage  of  the  variable  length  records,  but 
for  that  particular  application  is  justified  by  the  fact  of 
time  savings. 
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VIII.   IMPLEMENTATION  OF  THE  CEA-DSS 

One  of  the  objectives  of  the  implementation  phase  is  to 
use  the  CEA-DSS  with  microcomputers. 

A.  THE  PROGRAMMING  LANGUAGE 

The  complexity  of  dialog  and  data  component  underline 
the  need  for  a  structured  programming  language  which  can 
support  character  manipulations,  screen  management  and,  to 
some  degree,  mathematic  calculations.  Turbo  Pascal 
(Version  2.0)  was  chosen  for  this  particular  implementation. 

B.  SUPPORTING  PACKAGES 

Turbo  Access  Toolbox  (Version  1.00)  is  used  for  the 
database  management  system.  Turbo  Access  provides  for 
sequential,  indexed  sequential  and  direct  file  access, 
allowing  and  the  existence  of  duplicate  keys  in  an  index 
file.  Turbo  Graphix  Toolbox  (Version  1.00A)  is  used  for  the 
graphics  part  of  the  system. 

C.  THE  DATA  FLOW  IN  THE  CEA-DSS 

In  order  to  deal  with  the  high  complexity  of  the  data 
and  transaction  flow,  it  was  necessary  to  divide  the  system 
from  the  beginning  into  four  major  areas.  This  helped  to 
draw  the  initial  diagrams.  Using  these  diagrams  as  the  base, 
after  reviews  and  refinements,  the  final  software  structure 
was  derived.  These  four  areas  are  the  following: 

1 .   The  Main  Area 

This   area   contains   data   flows   and   transactions 
occurring  from   the  initialization   of  the   system  until  the 


46 


main  menu  appear  on  the  screen  and  the  user  make  his/her 
selection.  Figure  8.1  shows  the  refined  flow  diagram  of  the 
main  area. 

2.  The  Database 

Figures  8.2,  8.3  and  8.4  are  the  flow  diagrams  of 
this  area.  It  contains  transactions  and  data  flows  related 
to  the  database  management  system,  like  updating  control  and 
exposure  files,  switching  problems,  and  deleting  problems. 

3.  The  Model 


The  model  area  diagram.  Figure  8.5,  describes  all 
the  operations  of  the  model  execution.  Figure  8.6,  presents 
in  detail  the  data  flow  during  the  generation  of  the  control 
sets.  This  is  the  most  important  and  most  complex  part  of 
the  CEA  model  and  is  included  here  for  maintenance  and 
future  modification  or  improvement  purposes. 

4.   The  Sensitivity  Analysis  Area 

Transactions  and  data  flows  associated  with  the 
decision  support  part  of  the  CEA-DSS  are  illustrated  in 
Figures  8.7,  8.8  and  8.9. 

D.   SOFTWARE  STRUCTURE 

The  refined  software  structure.  Figure  8.10,  is  a 
rearrangement  of  the  flow  diagrams  from  the  perspective  of 
the  flow  of  control  in  the  system.  The  requirement  for  the 
user  to  access  control  over  the  whole  process,  underlines 
the  need  for  a  hierarchical  flow  of  control  among  the 
various  processes  of  the  system.  Top-down  is  considered  as 
the  most  effective  design  for  the  CEA-DSS  since  it  results 
in  a  modular  and  highly  cohesive  software  structure. 
Modularity  and  high  cohesion  facilitate  the  coding  and 
maintenance  phases. 


47 


START 


/  Specify  L 
J     drive    / 

Soace 
Available 


Find 
directory 


Create 
directory 


Figure    8.1  Main    Area    Flow    Diagram 
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Figure  8.2    Database  Flow  Diagram 
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Figure  8.3    Delete  Problem  Flow  Diagram  (Database) 
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Figure  8.4    Update  Files  (Database) 
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Figure    8.6  Control    Sets    Flow    Diagram     (Model) 
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Figure  8.7    Sensitivity  Analysis  Flow  Diagram 


54 


UeiQhted 
Set" file 


Searcn 
CkJLow 


FiriO 
Win.   TO 


Search 
CtOLow 


Find 

tax.   BCP 


Figure  8.8    Control  Strategy  Flow  Diagram  (Sens.  Analysis) 
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Figure  8.10    The  Refined  Software  Structure 
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E.   IMPLEMENTATION  PROBLEMS 

The  most  serious  implementation  problems  are  problems 
associated  with  the  memory  management  of  a  microcomputer. 
The  capacity  of  the  memory  dedicated  to  the  Central 
Processing  Unit  (CPU)  is  64  Kbytes  for  a  microcomputer. 
Consequently,  the  size  of  the  program  part  called,  along 
with  all  the  type  declarations  and  the  supporting  modules, 
must  not  exceed  the  size  of  the  CPU's  memory.  This  is  a 
troublesome  limitation  when  dealing  with  long  programs. 

This  is  the  case  for  the  CEA-DSS.  The  inclusion  of  the 
Turbo  Access  and  Turbo  Graphix  packages  within  the  actual 
program  further  limited  the  allowable  size  of  its  modules. 
Reduction  of  the  module  size  implies  a  loose  control 
hierarchy.  An  effort  to  reorganize  the  software  structure 
resulted  in  undesirable  control  flow  inefficiencies. 
Fortunately,  Turbo  Pascal  provides  for  overlay  organization 
which  eliminates  the  memory  size  limitation. 

A   technique,   called   overlays,   is   used   to  allow  the 

system  to  be  larger  than  the   amount  of   memory  allocated  to 

it.  The   idea  of   overlays  is   to  keep   in  memory  only  those 

instructions  and  data  that   are   needed   at   any   given  time 

[Ref .  11] .   When   other   instructions   are   needed,  they  are 

loader   into   space    that    was    previously    occupied   by 

instructions   that   are   no   longer   needed.   However,   this 

technique  suffers  from  the  following  limitations: 

A  module  must  first  be  loaded  into  the  memory  in  order 
to  be  executed.  This  causes  the  system  to  run  somewhat 
more  slowly,  due  to  the  extra  I/O  operation  to  read 
the  module.  For  this  reason,  it  is  recommended  to  load 
the  CEA-DSS  software  on  a  hard  disk  or  a  ram  disk.  High 
access  speed  devices  would  result  in  considerable 
reduction  of  access  time. 

Since  overlays  share  the  same  space  in  memory,  a  module 
cannot  call  modules  which  belong  in  another  overlay 
of  the  same  area.  For  example,  a  module  calls  another 
one  from  a  different  overlay.  This  overlay  is  loaded  in 
place  of  the  caller  and  the  called  module  is  executed. 
The  problem  is  that  after  its  execution  the  system  is 
meshed  because  it  does  not  find  the  caller  to  return. 
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This  introduced  additional  problems  to  the  original 
structure  of  the  program.  The  inclusion  of  control  code, 
like  flags,  labels,  case  and  if  then  else  statements,  helped 
in  establishing  communications  among  the  various  overlays  of 
the  same  area . 

F.   EFFORT  DISTRIBUTION  FOR  THE  CEA-DSS  DEVELOPMENT 

CEA-DSS  was   built  in  five  months  and  required  an  effort 

of  six  man-months.  Table  6   shows   the   distribution  of  the 

effort,  in   percentages,  among   the  different   phases  of  the 
CEA-DSS  development. 


TABLE  6 
EFFORT  DISTRIBUTION 


Time 


Activities 


20* 
23* 
30* 
5* 
22* 


Requirements  Analysis  and  Initial  Design 
Detailed  Design 

Programming,  Debugging  and  Testing 
Initial  Testing  and  User's  feedback 
Stepwise  refinement  of  the  components 
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IX.   A  SESSION  WITH  THE  CEA-DSS 

The  objective  of  this  chapter  is  to  illustrate  the 
operation  of  the  CEA-DSS.  The  figures  in  this  chapter  have 
been  generated  during  the  testing  phase  of  the  CEA-DSS  on  a 
IBM  PC-XT  microcomputer. 

A  series  of  screens  has  been  suggested  as  the  most 
effective  way  to  describe  step-by-step  the  system's  basic 
operation. 

STEP  1 :  Drive  definition  (Figure  9.1).  The  system  has 
the  flexibility    to  use  a  different  drive  for  its  database. 


EFFECTIVENESS  OF  CONTROL  AND  SECURITY  OF  COMPUTER  SYSTEMS 

PROBLEM:             ACTION: 

DEFINE  THE  DRIVE  YOU  WANT  TO  USE  FOR  FILES 

IT  IS  BETTER  THE  DSS  TO  BE  ON  A  DIFFERENT  DRIVE 
DO  NOT  USE  THE  LETTER  C  IF  THERE  IS  NO  HARD  DISK 

DRIVE  A,B,C.D,E  or  F:                        Tooay  Is:  8/19/1985 

Figure  9.1    Drive  Definition 

Care  must   be  taken   for  not  using  drive  "C"  with  IBM  PC-XTs 
which  do  not  have   a  hard   disk  drive.   In  all   other  cases. 
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CEA-DSS  has   the  ability   to  find  any  wrong  drive  definition 
and  prompts  the  user  to  redefine  the  drive. 

STEP  2:  Directory  (Figure  9.2) .  The  directory  contains 
information  about  previously  defined  problems.  It  is  located 
on  the  drive  where  data  for  these  problems  are  stored. 


EFFECTIVENESS  OF  CONTROL  AND  SECURITY  OF  COMPUTER  SYSTEMS 

PROBLEM:             ACTION:  GIVE  PROBLEM  NAME 

CHOOSE  ONE  OF  THE  FOLLOWING  OR  CREATE  YOUR  OWN  PROBLEM 

PROBLEM:   CREATED  BY:             DATE: 
CMC       SCHAEFFER  HOWARD          8/15/1985 
PR0BLEM1    PRESSMAN  JOHN            8/19/1985 
PR0BLEM2   ELSON  MARK              8/19/1985 
TEST      RICHARD  NOLAN            7/30/1985 

Nuaoer  of  Problems  in  tne  Directory:  4 

ENTER  THE  NAME  OF  THE  PROBLEM:  DSSTEST            Today  Is:  8/19/19B5 

1 

Figure  9.2    Directory 

When  a  new  drive,  i.e.  a  new  floppy  disk,  is  selected, 
the  system  creates  a  directory  first,  and  then  prompts  the 
user  to  define  the  problem.  For  a  pre-defined  drive,  a 
listing  of  the  directory  appears  on  the  frame.  The  user  may 
select  a  problem  from  the  directory,  or  define  a  new  one.  In 
case  of  an  existing  problem  selection,  the  process  continues 
with  Step  4. 

STEP  3:  Data  entry  (Figure  9.3).  The  system  creates 
the  control  and  exposure  files  for  the  particular  problem. 
Then,  the   user  has   to  provide   the  initial   data.  At  least 
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EFFECTIVENESS  OF  CONTROL  AND  SECURITY  OF  COMPUTER  SYSTEMS 


PROBLEM:  DSSTEST 


ACTION:  UPDATE  EXPOSURES 


Index:03    DescriptiomExposure  3 


WEIGHTED:  Damage: $50000 
P.E.R.T:  Smallest :$30000 
RANKS:   Rank  P:4.000 


Probability:0.95 
Most  Likely:$55000 


Largest: $65000 


Rank  0:4.300 


Rank 
0 

1 
i_ 
3 
4 

e 
J 

6 

7 


Damage  caused  by  error 
virtually  lBDossible 
night  napoen  once  in  400  years 
■ight  naooen  once  in  40  years 
raight  napoen  once  in  4  years 
might  naDDen  ones  in  100  days 
night  happen  once  m  10  days 
might  naooen  once  in  1  cay 
sight  napoen  ten  times  a  day 


Rank 
0 
1 

2 
3 
4 

B 
J 

6 
7 


Damage  caused  by  failure 
neghgioie 


a  DO  Lit 

aoout 
about 
aDout 
aDout 
apout 
over 


$10 

$100 

$1,000 

$10,000 

$100,000 

$1,000,000 

$1,000,000 


A)dd,  D)elete,  E)dit,  N)ext,   P)revious  or  Q)uit:       I     Today  Is:  8/19/1385 


EFFECTIVENESS    OF     CONTFtfL    AND    SECURITY    OF    COMPUTER    SYSTEM 


PROBLEM:  DSSTEST 


ACTION:  UPDATE    CONTROLS 


Inoex:02         Descriot ion: Control  c 
Cost: $2 1500 

Effectiveness  on  Exoosure  1:  0.0 

Effectiveness  on  Exoosure  2:  0.0 

Effect lveness  on  Exposure  3:  0.7 

Effectiveness  on  Exoosure  4:  0.0 


ft)oc.   D)eiete,   £)dit,   N>ext,   P)revious  or  Qr-ni : 


foaay  is:  8/13/ 198! 


Figure    9.3  Data    Entry 
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two  exposures  and  two  control  activities  are  required  to 
enable  the  CEA-DSS  to  generate  control  combinations.  The 
process  during  this  step  is  under  the  direct  control  of  the 
CEA-DSS. 

STEP   4:   The   Main   Menu   is   shown   in  Figure  9.4.  The 
logical  selection  for  a  new  problem  is  the  Model  option. 


EFFECTIVENESS 

Of    CONTROL  AND  SECURITY  OF  COMPUTER  SYSTEMS 

PROBLEM:  DSSTEST 

ACTION:  MAIN  MENU 

MAIN  MENU  OPTIONS: 

1. 

Hap 

2. 

UPDATE  FILES  OR  CHANGE  PROBLEM 

3. 

RUN  THE  COST  EFFECTIVENESS  MODEL 

A. 

SENSITIVITY  ANALYSIS  OF  ALTERNATIVES 

5. 

EXIT  TO  DOS 

SELECT  1,2,3,4  or 

5  :                    !  Toaav  Is:  8/13/1965   ' 

!                                1 

Figure  9.4    Main  Menu 

STEP  5:  Model  execution.  The  Model  Menu,  allows  the 
selective  invocation  of  one  of  the  three  statistical  methods 
for  a  model  run.  The  user  may  select  one  method  or  all  of 
them.  Then,  the  system  prompts  the  user  to  define  the 
desired  level  of  cost  according  to  which  the  generation  of 
control  sets  will  be  performed.  The  use  of  realistic  cost 
levels  is  recommended,  since  it  may  result  in  a  considerable 
reduction  of  the  amount   of   control   sets   to   be  generated 
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and,  consequently,  in  storage  and  I/O  time.  Figure  9.5  shows 
the  model  menu  and  the  cost  level  entry. 


EFFECTIVENESS  OF  CONTROL  AND  SECURITY  OF  COMPUTER  SYSTEMS 

PROBLEM:  DSSTEST        ACTION:  MODEL 

MODEL  MENU  OPTIONS: 

1.  HELP 

2.  RUN  THE  WEIGHTED  METHOD 

3.  RUN  THE  P.E.R.T   METHOD 

4.  RUN  THE  RANKING   METHOD 

5.  RUN  ALL  THE  METHODS 

6.  RETURN  TO  MAIN  MENU 

SELECT  1,2,3,4,5  or  6  :                   j  Today  Is:  6/19/1985 

EFFECTIVENESS  OF  CONTROL  AND  SECURITY  OF  COMPUTER  SYSTEMS 

PROBLEM:  DSSTEST        ACTION:  MODEl  /  WEIGHTED  METHOD 
1 

! 

! 
Total  Damape  Due  To  Exposures  :    147800 

Cost  to  I  mo  lenient  All  Controls  :    69500 

1 

i 

i 

Give  The  Maximum  Hmount  You  Want  To  Spend  On  Controls 
or  Dress  Enter  for  All 

MAXIMUM  :  *  6950(i 

i 
! 

1 
i 

1  Toaav<  Is:  6/19/1985   ! 

!                       i 

Figure  9.5    Model  Menu  and  Cost  Level  Entry 
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STEP  6:  Sensitivity  Analysis  Menu  (Figure  9.6).  The 
prerequisite  for  accessing  the  "Control  Strategy"  and  the 
"Graphics"  options,  is  the  execution  of  the  model.  The  same 
is  true  and  for  the  "Print  Reports"  option  when  a  printout 
of  a  set  file  is  requested. 


EFFECTIVENESS  OF  CONTROL  AND  SECURITY  OF  COMPUTER  SYSTEMS 

PROBLEM:  DSSTEST 

ACTION:  SENSITIVITY  ANALYSIS 

SENSITIVITY  ANALYSIS  MENU  OPTIONS: 

1. 

HELP 

2. 

FIND  CONTROL  STRATE6Y 

3. 

6ENERATE  GRAPHICS 

A. 

PRINT  REPORTS 

5. 

RETURN  TO  MAIN  MENU 

SELECT  1,2, 3,  *  or  5  : 

Todav  Is:  8/15/1985 
l                 1 

Figure  9.6    Sensitivity  Analysis  Menu 

STEP  7:  Print  Reports.  The  system  has  the  capability  to 
produce  three  types  of  reports.  It  is  expected  that  the  user 
will  use  these  reports,  during  the  sensitivity  analysis 
process,  as  reference.  The  first  table  (Figure  9.7)  summari- 
zes the  initial  data  of  expected  losses  caused  by  exposures, 
for  three  statistical  methods.  The  second  report 
(Figure  9.8)  summarizes  the  control  activities'  effective- 
ness on  exposures.  Finally,  control  sets  report  is  a  listing 
of  the  file  created  and  updated  by  a  model  run.  Figure  9.9 
shows  the  control  sets  generated  according  to  the  weighted 
method . 
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DECISION      SUPPORT      SYSTEM 


COST    EFFECTIVENESS    ANALYSIS 

FOR 

CONTROL  t    SECURITY  OF  COMPUTER  SYSTEMS. 


EXPECTED  LOSSES  CAUSED  BY  EXPOSURES  FOR  WORK  DSSTEST 


THE  WEISHTED  METHOD 


POTENTIAL  ERRORS 


AMOUNT  OF 

PROB/TY  OF 

DAMAGE 

OCCURENCE 

40000 

0.850 

60000 

0.780 

50000 

0.950 

30000 

0.650 

01  Exposure  1 

02  Exoosure  2 

03  Exposure  3 

04  Exposure  4 


THE  P.E.R.T  METHOD 


POTENTIAL  ERRORS 


AMOUNT  Of7  DAMAGE 
saallest  m. likely  largest 


01  Exoosure  1 

02  Exposure  2 

03  Exoosure  3 
0*  Exoosure  4 


30000 
25000 
30000 
15000 


35000  40000 

45000  63200 

55000  65000 

£0000  4000C 


THE  RANKING  METHOD 


01  Exoosure  1 

02  Exposure  2 

03  Exposure  3 

04  Exposure  4 


POTENTIAL  ERRORS 


ESTIMATION  OF 

PROBABILITY 

OF  OCCURENCE  AND  DAMAGE 

Ran*  P 

RariK  G 

3.  BOO 

4.200 

3.650 

4. 50C 

4.000 

4. 300 

3.200 

4. 300 

Figure    9.7  An    Expected    Losses    Report. 
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DECISION   SUPPORT   SYSTEM 

COST  EFFECTIVENESS  ANALYSIS 

FOR 

CONTROL  ft  SECURITY  OF  COMPUTER  SYSTEMS. 

CONTROL  ACTIVITIES  FOR  WORK  DSSTEST 

01  Control  1 

02  Control  2 

03  Control  3 

04  Control  4 

EXPOSURES  FOR  WORK  DSSTEST 

01  Exposure  1 

02  Exposure  2 

03  Exposure  3 

04  Exposure  4 

EFFECTIVENESS  OF  CONTROL  ad)  ON  EXPOSURE  e(i) 

exposure  :  oi  :  02  :  03  i  04  : 

1   1  0.800  0.000  0.000  O.OOO 

2   !  0.000  0.000  0.000  0.83G 

3   !  0.000  0.700  0.000  0.000 

4   !  0.000  0.000  0.850  0.000 

COSTa(i):  13000  21500  10000  250* 

Figure  9.8    A  Control  Effectiveness  Report 
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DECISION   SUPPORT 

SYSTEM 

1 

COST  EFFECTIVENESS  ANALYSIS 

FOR 

CONTROL  4  SECURITY  OF  COMPUTER  SYSTEMS. 

WEIGHTED  METHOD:  CONTROL  SETS  FOR  WORK  DSSTEST 

CONTROL  ACTIVITIES  USED  BY  THE  CONTROL  SETS: 

01:  Control  1 

02:  Control  2 

03:  Control  3 

04:  Control  4 

CONTROL  ACTIVITIES            VALUE 

COST 

EXP.  COS' 

BCR 

03,                            16575 

10000 

141225 

1.65 

01,                             27200 

13000 

133600 

2.09 

02,                            33250 

21500 

136050' 

1.54 

01,03,                           43775 

23000 

127025 

1.90 

04,                             38844 

25000 

133956 

1.55 

02, 03,                          49825 

31500 

129475 

1.58 

01,02,                           60450 

34500 

121850 

1.75 

03,04,                           55419 

35000 

127381 

1.58 

01,04,                           66044 

38000 

119756 

1.73 

01,02,03,                         77025 

44500 

115275 

!  7" 

02.04,                           72094 

46500 

122206 

1.55 

01,03,04,                         82619 

48000' 

113161 

1.72 

02,03,04,                         88669 

56500 

115631 

1.56 

01,02,04,                         99294 

59500 

108006 

1.66 

01,02,03,04,                      115869 

69500 

101431 

1.66 

Figure  9.9    A  Control  Sets  Report 
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The  print  menu  is  described  in  Figure  9.10.  Before 
selecting  an  option,  the  user  must  make  sure  that  the 
printer  is  on-line. 


EFFECTIVENESS  OF  CONTROL  AND  SECURITY  OF  COMPUTER  SYSTEMS 

PROBLEM:  DSSTEST 

ACTION:  SENSITIVITY  ANALYSIS  /  PRINT  REPORTS 

PRINT  REPORTS  MENU  OPTIONS: 

1.  KELP 

E.  PRINT  EXPOSURE  EXPECTED  LOSS  TABLE 
3.  PRINT  CONTROL  EFFECTIVENESS  TABLE 
A.  PRINT  SET  FILES 
5.  RETURN  TO  SENSITIVITY  ANALYSIS  MENU 

SELECT  1,2,3,4  or  5  :                        Today  Is:  8/19/1985 

Figure  9.10    The  Print  Menu 

STEP  8:  Graphics.  Curves  and  histograms  help  the  user 
conceptualize  the  differences  among  alternative  control  sets 
and  among  different  statistical  methods.  The  incompatibility 
problem  of  the  various  types  of  printers  does  not  allow  the 
system  to  make  hard  copies  of  the  graphs.  The  user  can  use 
instead  the  tPrtSc]  key  of  the  keyboard.  Each  graphics 
screen  contains  two  graphs.  The  upper  graph  depicts  the 
Benefit  Cost  Ratio  versus  Cost  relationship,  and  the  lower 
graph  the  Total  Expected  Cost  versus  Cost.  Figure  9.11  shows 
the  curves  for  the  DSSTEST  problem  and  Figure  9.12  the 
histograms.  For  readability  purposes,  on  each  curve  can  be 
drawn  up   to  200  points  and  on  each  histogram  up  to  24  bars. 
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Figure  9.11    Graphical  Analysis  using  Curves 
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Figure  9.12    Graphical  Analysis  using  Histograms 
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STEP  9:  The  last  phase  of  the  CEA-DSS  procesa  ia  the 
control  strategy  selection.  The  decision  maker  may  select 
the  most  effective  (Figure  9.13)  or  the  most  cost  effective 
control  strategy  (Figure  9.14)  within  the  cost  range  he/she 
desires.  The  decision  maker,  helped  by  the  reports  and 
graphs,  is  expected  to  have  a  better  opinion  about  the 
amount  to  be  spent  for  control  measures. 


EFFECTIVENESS  OF  CONTROL  AND  SECURITY  CF  COMPUTER  SYSTEMS 

PROBLEM:  DSSTEST        ACTION:  SENSITIVITY  ANALYSIS  /  CONTROL  STRATEG* 

WEI6HTED  METHOD:  THE  MOST  EFFECTIVE  SET 

CONTROL  :  Control  1 
CONTROL  :  Control  2 
CONTROL  :  Control  3 

Vaiue  of  Control  Set   :    77025     Cost  of  Control  Set   :    44500 
Total  Exoected  Benefit  :    32525    Total  ExDected  Cost   :   115275 

Cost  Benefit  Ratio(BCR):  1.73 

Prior  Exoected  Damane  Due  to  Exposures :  147800 
Post  txDecteti  Damage  Due  to  ExDOSures:   70775 

_ 
Dress  anv  Key..                          '  :oca»  is:  8/20/1985 

Figure  9.13    The  most  Effective  Control  Strategy 

The  optimal  solution  in  the  problem  is  found  when  the 
selected  control  set  is  both  the  most  effective  ana  the 
most  cost-effective  over  a  predefined  cost  range.  This  is 
the  case  for  this  particular  example.  Figures  9.13  and  9.14 
show  the  same  control  set.  Under  the  "Most  Effective" 
option,  the  control  set  with  the  lowest  expected  cost  is 
selected.  Under  the  "Most  Cost-Effective"  option,  the  set 
with   the   highest   BCR   is   the   most   preferable.  However, 
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the  system  does  not  provide  any  algorithm  for  combining 
theae  two  options  in  order  to  indicate  the  optimal  control 
strategy . 


EFFECTIVENESS  OF  CONTROL  AND  SECURITY  OF  COMPUTER  SYSTEMS 

PROBLEM:  DSSTEST 

ACTION:  SENSITIVITY  ANALYSIS  /  CONTROL  STRATEGY 

WEIGHTED  METHOD:  TH£  MOST  COST  EFFECTIVE  SET 

CONTROL  :  Control  1 
CONTROL  :  Control  2 
CONTROL  :  Control  3 

Value  of  Control  Set   :    77025    Cost  of  Control  Set   :    44500 
Total  Exoected  benefit  :    32525    Total  Expected  Cost   :   115275 

Cost  Benefit  Ratio(BCR):  1.73 

Prior  Exoected  Daoaoe  Due  to  Exposures:  147800 
Post  Exoected  Dawage  Due  to  Exoosures:   70775 

Dress  any  Key..                           Today  Is:  8/20/1985 

Figure  9.14    The  most  Cost-Ef f ective  Control  Strategy 

This  is  the  basic  process  for  a  problem  creation  and 
analysis.  Also,  the  user  has  the  opportunity  to  access  the 
database  of  the  system  through  the  Database  Menu.  He/she  may 
modify  the  initial  data,  change  problem  and/or  delete  the 
problem.  If  modifications  take  place  on  the  data,  the  model 
must  be  executed  again.  The  deletion  of  the  problem  erases 
any  file  belonging  to  this  as  well  as  its  record  in  the 
directory.  After  that,  the  main  menu  appears  on  the  screen 
allowing  the  user  to  select  one  of  the  "Help",  "Database" 
and  "Exit  to  DOS"  options.  The  other  options  of  the  main 
menu  are  prohibited  when  there  is  no  problem  definition.  The 
database  choice  after  a   problem   deletion   or   changing  the 
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current  problem  cause  the  previously  described  process  to  be 
repeated  from  the  beginning.  The  database  menu  appears  on 
Figure  9.15. 


• 

EFFECTIVENESS  OF  CONTROL  AND  SECURITY  OF  COMPUTER  SYSTEMS 

PROBLEM:  DSSTEST        ACTION:  DATABASE 

DATABASE  MENU  OPTIONS: 

1.  HELP 

2.  CHANGE  PROBLEM 

3.  DELETE  CURRENT  PROBLEM 

4.  UPDATE  EXPOSURE  FILE 

5.  UPDATE  CONTROL   FILE 

6.  RETURN  TO  MAIN  MENU 

SELECT  1,2,3,4,5  or  6  :  2                    Tooav  Is:  6/2(1/1985 

1 

Figure  9 . 15 


Database  Menu 
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X.   CONCLUSION 

The  purpose  of  the  research  was  to  implement  a  D5S  for 
selecting  EDP  control  strategies.  Three  analytical  methods 
for  determining  cost-effectiveness  of  EDP  controls  were 
integrated  in  a  customized  database  management  system.  Also 
a  careful  user  interface  was  designed  to  support  user 
interactiveness  with  the  system. 

From  the  user's  perspective,  the  current  version  of  the 
CEA-DSS  is  able  to  handle  any  uneven  condition  associated 
with  data  entry  and  process  request  errors.  The  enhancement 
of  an  acceptable  combination  of  colors  and  sounds  contribu- 
tes to  the  user  friendliness  of  the  system.  Since  the  users 
have  different  preferences,  one  possible  improvement  should 
be  to  let  the  user  define  the  colors  and  sounds  he/she 
likes.  The  help  facility  also  can  be  easily  modified  to 
satisfy  the  user  needs  for  on-line  information,  as  discussed 
in  Appendix  B. 

From  the  system  design  perspective,  CEA-DSS  permits  the 
user  to  exercise  virtual  control  over  its  processes.  The 
database  system  is  exclusively  designed  and  implemented  to 
serve  the  introduced  EXPOSURE,  CONTROL  and  SET  records.  It 
is  expected  that  any  future  enhancements  in  the  database 
schema  will  require  extensive  modifications  and  maintenance 
to  be  done  on  the  database  and  the  DBMS.  The  model  base  of 
the  CEA-DSS  consists  of  the  three  variances  of  the  CEA 
model.  Integration  of  new  techniques,  using  the  existing 
data  structure,  will  require  slight  modifications  of  the 
current  system.  The  same  is  true  for  the  sensitivity 
analysis  part  where  any  additional  reports,  graphs  and 
control  strategy  selection  algorithms  will  not  influence  the 
system . 
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One  great  inefficiency  recorded  during  the  testing 
phase  is  associated  with  the  control  strategy  selection 
algorithm.  The  sample  problem  DSSTEST,  presented  in 
Chapter  9,  can  be  considered  as  an  extreme  condition.  The 
solution  was  recognized  as  the  optimal  one  because  it  had 
both,  the  greatest  Benefit  Cost  Ratio  and  the  lowest  Total 
Expected  Cost.  This  is  generally  not  the  case.  In  reality, 
the  optimal  solution  is  found  somewhere  in  the  three 
dimensional  spectrum  composed  of  the  Benefit  Cost  Ratio,  the 
Total  Expected  Cost  and  a  Scaling  Relational  Algorithm  for 
them.  It  is  expected  that  the  enhancement  of  such  an 
algorithm  will  dramatically  improve  the  control  strategy 
selection  process. 

Another  unresolved  issue  concerns  the  assignment  of 
the  BCR  to  the  control  sets.  Control  Sets  consisting  of 
fewer  Control  activities  turn  out  to  have  higher  BCRs.  This 
is  due  to  the  nature  of  the  algorithm  that  the  model  uses  to 
compute  the  value  of  the  control  sets.  A  way  to  handle  this 
would  be  to  introduce  in  the  computation  of  the  control 
set's  BCR  one  more  parameter  which  will  be  able  resolve 
these  differences. 

It  is  recommended  that  the  CEA-DSS  built  during  this 
research  be  evaluated  on  real  life  applications.  In  effect, 
all  data  used  during  the  testing  phase  of  the  CEA-DSS  were 
chosen  on  a  random  basis.  Information  gathered  from  a  real 
life  computer  audit  process  would  probably  contribute  to 
the  evaluation  of  current  control  techniques.  Furthermore, 
the  CEA-DSS  will  not  only  support  the  selection  phase  but 
also  the  evaluation  and  exploration  phases  of  the  computer 
audit  process  life  cycle. 
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APPENDIX  A 
MESSAGES 

INFORMAL  MESSAGES: 

CREATING   EXPOSURE   AND   CONTROL   FILES 

Initiation:  A  new  problem  has  been  introduced  by  the  user. 

DELETING    CONTROL 
DELETING   EXPOSURE 

Initiation:  Request   for  deletion   of  a   control  or  exposure 
record . 

NEW   DIRECTORY 

Initiation:  New  drive  definition. 

CONTROL  "description"  IS  NOT  EFFECTIVE 

Initiation:  The  cost  of  a  control   activity  is   greater  than 
its  expected  value. 

PLEASE   WAIT 

Initiation:  Control  sets  generation. 

PLEASE  WAIT  FOR  THE  PREPARATION  OF  THE  GRAPH 

Initiation:   Request   for   graphic   representation,  curve  or 
histogram . 
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ERROR  MESSAGES: 

SYSTEM   REQUIRES   2   CONTROLS   AT   LEAST 
SYSTEM   REQUIRES  2  EXPOSURES   AT   LEAST 

Initiation:  Request   for   deletion   of   control   or  exposure 
record  while  the  file  contain  only   two  records. 

THE  SYSTEM  CANNOT  HOLD  ANOTHER  EXPOSURE 

Initiation:  The   user   attempts   to   add   the   14th   control 
activity  or  the  25th  exposure. 

YOU  MUST  RUN  THE  MODEL  FIRST 

Initiation:  Request   to   access   sensitivity   analysis  areas 
prior  to  the  model  execution. 

THERE  IS  NOT  ENOUGH  SPACE  ON  DRIVE  X 

Initiation:  Nonexistent   drive   definition   or   the   defined 

drive  does  not  have  the  appropriate   space  for  a 

dictionary  and  problem  creation. 

CHECK  YOUR  ENTRY.  "HIGH"  MUST  BE  GREATER  THAN  "LOW" 
Initiation:  Entry  of   an  ambiguous  cost  range  for  the 
sensitivity  analysis  part. 


TRIGGER  MESSAGES: 

DEFINE  THE  DRIVE  YOU  WANT  TO  USE  FOR  FILES 

Initiation:  CEA-DSS   activation   or   request   to   change  the 
current  problem. 

DO  YOU  WISH  TO  DELETE  THE  PROBLEM  ? 

Initiation:  Request   to   delete   the   current   problem.   The 
system  prompts  the  user  to  confirm. 
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THERE  IS  ALREADY  FILE  FOR  THAT  METHOD 

Initiation:  Request   to  rerun  the  model.  The  user  can  delete 

the   set   file   only,   or   to   proceed   to  model 

execution . 

CANNOT  COMPUTE  SETS  WITHOUT  EFFECTIVE  CONTROLS 
CANNOT  COMPUTE  SETS  WITH  ONLY  ONE  EFFECTIVE  CONTROL 
Initiation:  Control   sets   generation.   The  user  may  correct 

some  initial   data   or   to   abandon   the  current 

problem . 

THERE  IS  NO  ANY  SET  WITHIN  THAT  RANGE 

Initiation:  The   cost  range  defined  for  sensitivity  analysis 
is  very  limited.  The  user  may  widen  the  range. 

CANNOT  MAKE  GRAPH  WITH  LE5S  THAN  2  SETS 

Initiation:  Request  for   graphics,   while   the   defined  cost 

range   includes   only   one  control  set.  The  user 

may  redefine  a  wider  cost  range. 
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APPENDIX  B 
THE  HELP  FACILITY 

The  help  facility  of  the  CEA-DS5  is  carried  out  via  the 
HELP  module,  listed  at  the  end  of  the  program  listing  in 
Appendix  C.  The  Help  module  supplies  the  calling  menu  with 
information  relative  to  its  functions.  The  algorithm  for 
this  selective  retrieval  of  information  is  based  on  a  code 
character.  This  character  is  sent  to  the  Help  module  as 
parameter  in  the  call  statement,  identifying  the  calling 
part  of  the  program.  The  Help  module  uses  this  character  to 
assemble  the  file  name  of  the  text  file  where  the  requested 
information  resides. 

The  advantage  of  keeping  the  help  text  external  to  the 
program  is  that  it  can  be  changed  easily,  with  any  editor, 
without  affecting  the  code  of  the  CEA-DSS.  The  help  module 
also  has  the  advantage  of  returning  control  to  the  caller 
immediately  in  case  that  the  requested  help,  text  file,  is 
missing.  The  files  of  the  system  dedicated  to  the  help 
facility  along  with  their  content  are  listed  below. 

File:  HELPM.TXT 

HELP   FOR    MAIN    MENU 

UPDATE  FILES  OR  CHANGE  WORK 

This  is  the  Database  of  the  system.  You  have  access  to  three 

files.  The  EXPOSURE,  the  CONTROL  and   the  PROBLEM   file.  You 

can  Add,  Delete  or  Edit  EXPOSURES  and  CONTROLS.  You  can  also 

Change  or  Delete  WORK. 

RUN  THE  COST  EFFECTIVENESS  MODEL 

Once   you  have   updated  the   EXPOSURE  and   CONTROL  files  you 

can   run   the   model.   The   model   will  create  the  set  files 
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which  will   be  used   after  for  decision  making.  If  you  chose 
the  current  work  from   the  directory   of  the   system  and  you 
are  not   going  to   modify  the  EXPOSURE  and  CONTROL  files  you 
DON'T  need  to  run  the  model. 
SENSITIVITY  ANALYSIS 

This  is  the  main  area  of  interest.  It  will  help  you  to  find 
out  the  optimal  solution  according  to  your  preferences  and 
budget.  There  are  available  to  you  graphics  and  print 
facilities . 

File:  HELPD.TXT 

HELP    FOR    DATABASE    MENU 

At  the   bottom  of   the  frame   it   appears  always  the  command 

line  which  prompts  you   to  make  selections  by  typing  numbers 

or  letters. 

CHANGE  PROBLEM 

The   directory   of   the   system   is   listed  and  then  you  are 

prompted  to  define  the  problem  you  desire.  If   you  choose  an 

existing  one,   you  will   be  switched  to  that  immediately.  If 

you  create  a  new  one,  you  will  be  asked  to   enter,  at  least, 

two  EXPOSURES  and  two  CONTROL  ACTIVITIES. 

DELETE  CURRENT  PROBLEM 

You   can   only   delete   the   current  problem.  If  you  wish  to 

delete  a  different   problem,   you   must   change   the  problem 

first,  and   then  choose   from  the   directory  the  problem  you 

want  to  delete,  and  delete  it.  You  will  be  asked   to  confirm 

for  the  requested  deletion  by  typing  the  character  "!". 

UPDATING  EXPOSURE  OR  CONTROL  FILE 

You  can   A ) dd ,  D)elete,   E)dit   Exposures  and   Controls,  and 

scroll  the   files   forwards   and   backwards   using   N)ext  or 

P ) revious . 

Keep   in   mind   that   the   edit  mode  is  always  in  the  INSERT 

MODE. 
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File:    HELPO.TXT 

HELP  MODEL 

You  can  run  the  model  using  the  WEIGHTED  PROBABILITY,  the 
P.E.R.T  method  and  the  RANKING  method.  You  will  be  prompted 
to  enter  the  upper  cost  limit.  If  you  have  enough  controls 
in  the  control  file  it  is  better  to  use  as  short  cost 
ranges  as  possible  in  order  to  minimize  the  time  that  the 
system  will  require  to  generate  the  control  sets.  Don't 
forget  that  N  controls  may  produce  2  to  the  Nth  power 
control  sets. 

If  you  get  a  message  like  'NOT  ENOUGH  SPACE  ON  DRIVE  X',  you 
can  overcome  that  using  one  of  the  following: 

1 .  If  you  have  already  run  another  method  for  that 
problem,  choose  that  method  again,  and  erase  its  set  file. 

2.  Change  problem,  choose  one  from  the  directory  that  you 
do  not  need,  delete  it,  and  then  choose  again  the  problem 
you  want  to  work  on. 

File:  HELPS.TXT 

HELP    FOR    SENSITIVITY    ANALYSIS 

CONTROL  STRATEGY 

Control  strategy  helps   you   determine   the   optimal  control 

alternative   from   all   the  possible  combinations  of  control 

activities,   or  the   best  one,   according  to   the  cost  range 

you  are  asked  to  specify. 

GRAPHICS 

You   can   generate   curves   and   histograms  representing  the 

relations  between   BENEFIT  COST   RATIO  and   COST,  or  between 

TOTAL  EXPECTED  COST  and  COST. 

REPORTS 

You  can  have  a   hardcopy  of  the   exposures   or    controls  in 

tabular  format,  and  a  listing  of  the  set  files. 
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File:  HELPB.TXT 

HELP    FOR    CONTROL    STRATEGY 

MOST  EFFECTIVE  ALTERNATIVE 

The     most   effective   alternative   is   the   one  that  it  is 

expected  to  minimize  the  total  expected  cost. 

MOST  COST  EFFECTIVE  ALTERNATIVE 

The    most  cost   effective  alternative  is  the   one  that  will 

return  the  highest  benefit  per  dollar  spent. 

File:  HELPG.TXT 

HELP    FOR    GRAPHICS 

You  can  print  the  curves  or  histograms  by   using  the  CPrtScD 

key.  Be   sure    that    your   printer  is  ON.   The  system  will 

switch   it  to  the  graphics  mode. 

Curves  and   Histograms  represent   relations  of    Cost  versus 

Benefit  Cost  Ratio  and  Cost  versus  Total  Expected  Cost. 

Each  curve   can  hold   up  to    200   control  sets  to  be  drawn, 

and  each  histogram  ut  to  24. 

You  will  be  asked   to  give   the    Cost  Range   over  which  the 

graph  will   be  done.   If  the  number  of   control  sets   within 

the  selected  range  exceeds  the  above  limits,  the  system  will 

adjust  the  range. 

File:  HELPP.TXT 

HELP    FOR    PRINT    REPORTS 
YOUR  PRINTER   MUST  BE   ON-LINE  BEFORE   YOU  TRY   TO  PRINT  ANY 
REPORT 

You  must  have  set  the  top  of  form  properly  and  use  page 
length  11  inches  in  order  the  reports  to  be  printed 
correctly . 
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APPENDIX  C 


THE  PROGRAM  LISTING 


(»  *) 

(*  DECISION  SUPPORT  SYSTEM                   ») 

(  »  *> 

(*  A  COST-EFFECTIVENESS  ANALYSIS               *) 

(*  FOR                              »> 

<*  CONTROL  AND  SECURITY  OF  COMPUTER  SYSTEMS          *) 

<*  *) 

<*  FILE   DSS.PAS                        *) 

<»  »> 
(»**»****#*»»»»******»»***»»**»»**»****»»*»•*****»***»*»***.) 

PROGRAM  CEA-DSS; 
{SA+,I-,R-,V-} 

const 

<*  TURBO  ACCESS  CONSTANTS  *) 

maxrecsize  =  220; 

maxdatarecsize  ='  maxrecsize; 

maxkeylen  =  11; 

pagesize  =  128; 

order  =  64; 

pagestacksize  =  16; 

maxheight  =  5; 

var 

noofrecs  :  Integer; 

<»  INCLUDE  FILES  *) 

(SIACCESS.BOX) 

(SIGETKEY.BOX) 

(SIADDKEY.BOX) 

{5IDELKEY.B0X) 

(SITYPEDEF.SYS) 

CSIGRAPHIX.SYS) 

(SIKERNEL.SYS) 

(SIWINDOWS.SYS) 

(SIHATCH.HGH) 

(SITYPEDEF.DSS) 

(SIUTILITY.BOX) 
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(SIAXIS.HGH) 

(SIPOLYGON.HGH) 

(SIHISTOGRM.HGH) 

(SIMENUS.DSS) 

(SIFORMATS.DSS) 


-   FIRST  OVERLAY 


(SIHELP.DSS) 


(SIDATABASE.DSS) 

(SIMODEL.DSS) 

(SISENSANAL.DSS) 


SECOND  OVERLAY 


<*  WAIN  PROGRAM  *> 

BEGIN 

textmode; 
textcolor  <x) ; 
textbackground(z) ; 
help( 'I' ) ; 
ans  : =  '  ' ; 
makef rame; 
putdate; 
flag  : =  true; 
database; 


while   ans  <>  '5'   do 
begin 

raainmenu; 

if   flag   then 

select ( 'SELECT  1,2  or  5  :  ' , [ ' 1 ' , ' 2' , ' 5' ] , ans ) 
else 

select < 'SELECT  1,2,3,4  or  5  :  ' , C ' 1 ' . . ' 5' ] , ans) ; 
case  ans  of 
'1'  :  help('M'); 
'2'  :  database; 
'3'  :  model; 

'4'  :  sensitivityanalysis 
end  (of  case) 
end;  (of  while] 


clrscr ; 

gotoxy (15, 12) ; 

write('**»**  END  OF  THE  DECISION  SUPPORT  SYSTEM  **»*»') 

wait ; 

textcolor  < 15) ; 

textbackground (0) ; 

clrscr 


END 
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(»  ») 

<»  TYPE  DECLARATIONS  *) 

(*  ») 

<*  FILE   TYPEDEF.DS5  *> 

(»  *) 

(it*********************************************************) 


const 

maxctrl 
maxexp 

z 

X 


13;  {  maximum  number  of  control  activities  } 

24;  (  maximum  number  of  exposures  } 

0;  (standard  text  background) 

14;  (standard  text  color) 


type 

chset  =  set  of  char; 


str2 

str5 

str8 

strlO 

str25 

str40 

str50 

atr80 

anystr 


stri 
stri 
stri 
stri 
stri 
stri 
stri 
stri 
stri 


ngC2]  ; 
ngC53  ; 
ngC8)  ; 
ngC103 ; 
ngC25) ; 
ng  C403  ; 
ngC50) ; 
ngC80] ; 
ngC255) ; 


ctrlrange  =  0 
exprange   =  0 


maxctrl ; 
maxexp; 


exposure       =  record 

index         :  str2; 

description  :  str50; 

damage       :  str8; 

probability  :  str5; 

smallest, 

mostlikely , 

largest      :  str8; 

rankP, 

rankQ        :  str5 
end; 


eff 

ctrleff 

control 

index 

description 

cost 

effect 
end; 


array  CI . .maxexp)  of  string C53; 

array  CI .. maxctrl )  of  eff; 

record 

str2; 

str50; 

str8; 

eff 
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controlmatrix  =  array  CI . .maxctrlD  of  control; 
combinationindex  =  array  CI .. maxctrl ]  of  str2; 


setrec 

setcomb 
Vk,Lk,Ck, 
Nk,TCk 
BCR 
end; 


record 
combinationindex 

strlO; 
str5 


problemrec 
problemname 
creator 
date 

wcomb , pcomb , 
rcomb 
wtotcoat, 
ptotcoat, 
rtotcost 
end; 


record 
str8; 
str25; 
strlO; 

combinationindex; 


strlO 


var 

filel,  file2 

indexl , index2 

f  1 

expsr 

Ctrl 

st 

problem 

cproblem 

wcombindex, 

pcombindex, 

rcombindex , 

comb 

ce 

cc 

ctr lmatrix 

totaloss, 

totalcost , 

wtotalcost , 

ptotalcost , 

rtotalcost 

expno 

ans,  tc 

dr 

flag 


dataf ile ; 
indexf ile; 
file; 
exposure; 
control ; 
setrec; 
problemrec; 
str8; 


combinationindex ; 

ctr lef f ; 

array  CI .. maxctrl]  of  str8; 

controlmatrix; 


real ; 
integer ; 
char ; 
str2; 
boolean; 
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( »  *) 

<*  UTILITY. BOX                           ») 

(*  *) 

<*  The  utility  box  contains  all  the  procedures  and     *) 

<*  functions   which   are  commonly   used  by  all  the     *) 

<*  modules  of  the  system.                               ») 

<*  *> 


<*  upcasestr  converts  a  string  to  upper  case 

function  upcasestrCs  :  str80)  :  str80; 

var 

p  :  integer; 


begin 

for  p  :=  1  to  length(s)  do 
sCp]  :=  upcaseCs [p] ) ; 

upcasestr  :=  s; 
end; 


<*  conststr  returns  a  string  with  N  characters  of  value  O) 

function  conststr <c  :  char;  n  :  integer)  :  str80; 

var 

s  :  string [803 ; 

begin 

if   n  <  0   then 
n  :  =  0; 

s  COD  : =  chr <n> ; 

f illchar (sCl] ,n,c) ; 

conststr  : =  s; 
end ; 


<*  getvalue  returns  the  ASCII  value  of  a  string  ») 

function  getvalue(s  :  anystr)  :  integer; 

var 

i,  total  :  integer; 

begin 

total  :=  0; 

if   length(s)  >  0   then 

for   i  : =  1  to  length(s)  do 

total  :=  total  +  ord (copy <s, i , 1) ) ; 
getvalue  :=  total 
end ; 
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(*  strtoreal  returns  a  real  number  equivalent  to  a  string  *) 

function   strtoreal <s  :  strlO)  :  real; 

var 

t  :  integer; 

r  :  real; 

begin 

val <s,r , t) ; 

strtoreal  : =  r 
end; 


<*  realtostr  returns  a  string  equivalent  to  a  real  number  *) 

function   realtostr(r  :  real)  :  strlO; 

var 

s  :  string [10] ; 

begin 

f illchar  <s, sizeof  <s) ,0) ; 

str (r , s) ; 

realtostr  :=  s 
end; 


<*  strtoint  returns  an  integer  equivalent  to  a  string  *) 

function   strtoint(s  :  str2)  :  integer; 

var 

i  ,  3  :  integer ; 

begin 

val <s, i , j ) ; 

strtoint  : =  i 
end ; 


<*  intostr  returns  a  string  equivalent  to  an  integer  ») 

function   inttostr(n  :  integer)  :  str2; 

var 

a  :  string [2] ; 

begin 

f illchar <s, 2,0) ; 

str  <n, s) ; 

inttostr  : =  s 
end ; 
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<»  adjuststr  removes  any  leadind  spaces  from  a  string  «) 

procedure   ad]uatatr(var  s  :  anystr); 

begin 

while   sCl]  =  '  '   do 
if   sCl]  =  '  '   then 
delete ( s , 1,1); 
end; 


(*  the  system  waits  for  the  user  *) 

procedure   wait; 

var 

ch   :  char; 

i,3  :  integer; 

begin 

textcolor  < 15) ; 

gotoxy <2, 23) ;  write<conststr ( '  ',53)); 

gotoxy (3, 23) ;  write< 'press  any  key..'); 

for   i  : =  1  to  3   do 

begin 

3  :=  sqr(  random  <  30)  ) -»-300; 
sound(j);  delay<300) 

end; 

nosound; 

read (kbd, ch) ; 

gotoxy  (3,23)  ;  writeC  '); 

textcolor  <x) 
end; 


<*   Beep  sounds  the  terminal  bell  or  beeper  *) 

procedure  beep; 

begin 

sound<680);  delay(400);  nosound 
end; 


<*  inputstr  is  used  for  the  entry  and  validation  of  data. 
It  enables  also  the   use  of  the  cursor   movement  keys 
char-left,  char-right  and  del.  of  the  keyboard.        *) 

procedure  inputstrCvar  s      :  anystr; 


1 , i , 3  :  integer; 
term   :  chset; 
var  tc     :  char     ) ; 


label 

again ; 
var 

valid  :  set  of  char; 

value , 

p,  n   :  integer; 

ch     :  char; 
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begin 

textbackground ( 14 ) ; 

textcolor <0) ; 

tc  :=  #0; 

valid  :=  term  ♦  [#8, #13, #27] ; 

again : 

gotoxy ( i , j ) ;  write( s, conststr ( '  ' , 1-length (3) ) ) ; 

P  :=  0; 

repeat 

gotoxy < i+p, J ) ;  read (kbd, ch) ; 
if   not  (ch  in  valid)   then 

beep 
else 
begin 

if   (ch  in  term)  and  (p  <  1)   then 
begin 

p  :-  p  +  1; 
delete(s, 1,1); 
insert (ch, s, p) ; 
write (copy (s,p,l) ) 
end; 

if   (ch  =  #8)  and  (p  >=  length(s))  and  <p  >  0)  then 
begin 

delete (s, p, 1 ) ; 
P     :=  p  -  1; 
gotoxy  (  i+p,  3  )  ;  writeC  ') 
end; 

if   (ch  =  #27)  and  keypressed   then 
begin 

read (kbd ,ch) ; 

if   ch  =  'K'   then 

begin 

if   p  >  0   then 

p  :=  p  -  1 
else 
beep 
end; 
if   (ch  =  'M')  and  (p  <  length(s))   then 

p  :■  p  +  1; 
if   (ch  =  '5')  and  (p  <  length(s))   then 
begin 

delete  (s,p-«-l ,  1 )  ; 
write(copy (s,p+l , 1) , '  ' ) 
end; 

if   ch  in  t'H'/P']   then 
begin 

tc  :=  chrdOO  +  ord(ch)); 

P  :=  1 
end 
end 
end 

until   (ch  =  #13)  or  (p  =  1); 
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if   ch  =  #13   then 

tc  :=  ch; 
value  :=  getvalue(s); 
n  : =  32  *  length(a); 

if   (value  <=  n)  and  (ch  <>  'H')   then 
begin 

beep; 

tc  :=  #0; 

goto  again 
end; 

ad]uatstr(3); 
textbackground (z) ; 
textcolor (x) 
end;  (inputstr) 


(*  action  writes  on  the  frame  the  current  action  *) 

procedure  action(s  :  str40) ; 

begin 

textcolor (2) ; 

gotoxy (39,4) ;  write (conststr ( '  ',40)); 

gotoxy (39, 4) ;  write(s); 

textcolor (x) 
end; 


procedure   clearmessage; 
begin 

gotoxy (2, 12) ;  write(conststr ( '  ',78)) 
end ; 


(*  message  writes  a  string  at  the  center  of  the  frame  *> 

procedure   message(s  :  str80); 

var 

i  :  integer; 
begin 

clearmessage; 

textbackground (0) ; 

textcolor (31 ) ; 

i  :=  trunc((80  -  length (s) ) /2 ) ; 

gotoxy ( i , 12) ;  write (copy (s, 1 , length (s) ) ) ; 

beep; 

textbackground (z) ; 

textcolor ( x) 
end ; 

i 
procedure  clearselect; 
begin 

gotoxy (2,23) ;  write ( conststr ( '  ',53)) 
end  ; 
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(»  select  writes  the  command  line  at  the  bottom  of  the 

frame  and  accepts  the  selection  *) 

procedure  select (     prompt  :  str80; 

term    :  chset; 


var  tc      :  char     ) ; 


var 

ch  :  char; 


begin 

clearselect; 

textcolor < 15) ; 

gotoxy (4, 23) ;   write (prompt ) ; 

textbackground  <  30 ) ; 

gotoxy (5+length (prompt ), 23) ;  writeC  '); 

gotoxy (5+length (prompt ) ,23) ; 

textbackground (z) ; 

textcolor(x) ; 

repeat 

read (kbd , ch) ; 
tc  :=  upcase(ch); 
if   not  (tc  in  term)   then 
beep ; 
until  tc  in  term; 
write ( tc) 
end; 


(*  cleartext  clears  the  work  area  of  the  frame  *> 

procedure  cleartext; 

var 

i  :  integer; 
begin 

for   i  :=  10  to  21   do 

begin 

gotoxy (  2  ,  i  )  ; 
write(conststr ( '  ',78)) 

end 
end ; 


procedure  clearframe; 
var 

i:  integer; 
begin 

for   i  : =  6  to  9   do 

begin 

gotoxy ( 2 , i ) ; 
write(conststr ( '  ',78)) 

end ; 

cleartext ; 

clearselect ; 
end ; 
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procedure   clearproblem; 
begin 

gotoxy ( 13,4) ;  write<conststr < '  ',8)) 
end; 


<»  problemfield  writes  the  problem  description  in  the 

problem  area  of the  frame  *) 

procedure   problemfield (s  :  str8) ; 
begin 

clearproblem; 

textcolor <2) ; 

gotoxy (13,4) ; 

write(s) ; 

textcolor (x) 
end; 


<*  funckey  helps  in  using  the  cursor  movement  keys 

line-up, line  down, and  enter  of  the  keyboard  *) 

procedure  funckey(ch  :  char;  var  i  :  integer); 
begin 

if   ch  >  #126   then 

ch  :=  chr (ord(ch) -100) ; 
if   ch  =  'P'   then 

i  :  =  i  +  1 ; 
if   ch  =  'H'   then 
begin 

if   i  =  1   then 

beep 
else 

i  :=  i  -  1 
end ; 

if   ch  =  #13   then 
i  :  =  i  +  1 
end ; 


(*  avai lablespace  returns  the  available  space(bytes) 
of  the     logged  drive.  *) 

procedure  spaceavailable (  var  totalbytes  :  real  ); 
type 

regrec  =   record    (  register  pack  Used  in  MSDos  call  ) 
AX,  BX,  CX,  DX,  BP,  SI,  DI,  DS ,  ES,  Flags  :  integer 
end; 
var 

tracks, 

drive, 

bytes , 

sectors     :  integer; 

regs        :  regrec; 

ch  :  char; 
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procedure  diskstatus(  drive  :  integer;   var  tracks, 

bytes,  sectors  :  integer  ) ; 
begin 

regs.AX  :=  S3600; 

regs.DX  :=  Drive; 

MSDos  <  regs  ) ; 

tracks  :=  regs.BX; 

bytes  :=  regs.CX; 

sectors  :=  regs.AX 
end; 
begin 

ch  :=  copy (dr , 1 , 1) ; 

drive  :=  ord(ch)  -  64; 

diskstatusC  drive,  tracks,  bytes,  sectors  ); 

totalbytes  :=  (<  sectors  *  bytes  *  1.0  )  *  tracks  ) 
end; 


procedure  getdate(  var  date  :  strlO  ); 
type 

regrec  =   record    {  register  pack  Used  in  MSDos  call  } 
AX,  BX,  CX,  DX,  BP,  SI,  DI,  DS ,  ES ,  Flags  :  integer 

end; 
var 

regs   :  regrec; 

mm,dd  :  stringC2D; 

yy     :  string  C4]  ; 
begin 

regs. ax  :=  S2A  shl  8; 

msdos (regs) ; 

str  <  regs . ex , yy ) ; 

str(regs.dx  mod  256, dd); 

strCregs.dx  shr  8, mm); 

date  :=  mm+'/'+dd*'/'t-yy 
end; 


<*  putdate  writes  the  date  at  the  lower  right  corner 

of  the  frame  *  ) 

procedure  putdate; 
var 

date  :  string C103; 
begin 

textbackground ( 3) : 

textcolor (0) ; 

getdate (date) ; 

gotoxy (68,23) ;  write(date); 

textbackground (z) ; 

textcolor ( x) 
end; 
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(»  *) 

(*  MENUS. DSS  ») 

( *  *) 

(  »**»»»*****»**•**»***«■***»***#**»»»**»**»•»****«-**«**•**#***  ) 


overlay  procedure  mainmenu; 
begin 

clearf rame; 

actionCMAIN  MENU'); 

gotoxy(20,  7); 

writeCMAIN  MENU  OPTIONS:'); 

gotoxy (20, 10) ; 

writeCl.   HELP'); 

gotoxy (20, 12) ; 

write('2.   UPDATE   FILES   OR   CHANGE   PROBLEM'); 

gotoxy (20, 14) ; 

write('3.   RUN   THE   COST   EFFECTIVENESS   MODEL'); 

gotoxy (20, 16) ; 

write('4.   SENSITIVITY  ANALYSIS  OF  ALTERNATIVES'): 

gotoxy (20, 18) ; 

write('5.   EXIT   TO   DOS'); 
end  ; 


overlay  procedure   dbasemenu; 
begin 

clearf rame; 

action ( 'DATABASE' ) ; 

gotoxy (26,  7)  ; 

writeCDATABASE  MENU  OPTIONS:'  >: 

gotoxy ( 26, 10) ; 

writeCl.   HELP'); 

gotoxy ( 26, 12) ; 

write('2.   CHANGE   PROBLEM'); 

gotoxy (26, 14) ; 

write('3.   DELETE   CURRENT  PROBLEM'); 

gotoxy ( 26, 16) ; 

write('4.   UPDATE   EXPOSURE   FILE'); 

gotoxy (26, 18)  ; 

write('5.   UPDATE   CONTROL    FILE'); 

gotoxy (26, 20) ; 

write('6.   RETURN   TO   MAIN   MENU'); 
end  ; 
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overlay  procedure   modelmenu; 
begin 

clearframe; 

action ('MODEL' ) ; 

gotoxy (25,  7) ; 

write( 'MODEL  MENU  OPTIONS:'); 

gotoxy(25,10) ; 

writeCl.   HELP'); 

gotoxy(25, 12) ; 

write('2.   RUN 

gotoxy (25, 14) ; 

write('3.   RUN 

gotoxy (25, 16) ; 

write('4.   RUN 

gotoxy (25, 18) ; 

write('5.   RUN 

gotoxy (25,20) ; 

write('6.   RETURN 
end ; 


THE   WEIGHTED 


THE   P.E.R.T 


THE   RANKING 


ALL   THE 


TO   MAIN 


METHOD' ) ; 
METHOD' ) ; 
METHOD' ) ; 
METHODS' ) ; 
MENU' ) ; 


overlay  procedure   sensanalmenu; 
begin 

clearframe; 

action( 'SENSITIVITY  ANALYSIS'); 

gotoxy (28,  7) ; 

write( 'SENSITIVITY  .ANALYSIS  MENU  OPTION: 

gotoxy (28, 10) ; 

writeCl.   HELP'); 

gotoxy (28, 12) ; 

write('2.   FIND 

gotoxy (28, 14) ; 

write('3.   GENERATE 

gotoxy (28, 16) ; 

write('4-   PRINT   REPORTS') 

gotoxy (28, 18) ; 

write('5.   RETURN   TO   MAIN 
end  ; 


CONTROL   STRATEGY'); 
GRAPHICS' ) ; 

MENU' ) ; 
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overlay  procedure   controlstrategymenu; 
begin 

clearf rame; 

action( 'SENSITIVITY  ANALYSIS  /  CONTROL  STRATEGY'); 

gotoxy (15,  7)  ; 

write ('CONTROL  STRATEGY  MENU  OPTIONS:'); 

gotoxy (15, 10) ; 

writeCl.   HELP'); 

gotoxy ( 15, 13) ; 

write('2.    FIND    THE    MOST    EFFECTIVE   CONTROL   SET'); 

gotoxy (15, 16) ; 

write('3.   FIND    THE    MOST    COST    EFFECTIVE   CONTROL', 

'  SET'); 

gotoxy (15, 19) ; 

write('4.      RETURN     TO    SENSITIVITY   ANALYSIS   MENU'); 
end; 


overlay  procedure   graphicsmenu; 
begin 

clearf rame; 

action( 'SENSITIVITY  ANALYSIS  /  GRAPHICS'); 

gotoxy (21,  7) ; 

write( 'GRAPHICS  MENU  OPTIONS:'); 

gotoxy (21, 10) ; 

writeCl.   HELP'); 

gotoxy (21, 13) ; 

write('2.   DRAW   REPRESENTATIVE   CURVES'); 

gotoxy (21, 16) ; 

write('3.   DRAW   REPRESENTATIVE   HISTOGRAMS'); 

gotoxy (21, 19) ; 

write('4.   RETURN  TO  SENSITIVITY  ANALYSIS  MENU'); 
end; 


overlay  procedure   printmenu; 
begin 

clearf rame; 

action( 'SENSITIVITY  ANALYSIS  /  PRINT  REPORTS'); 

gotoxy (19,  7) ; 

write( 'PRINT  REPORTS  MENU  OPTIONS:'); 

gotoxy (19, 10) ; 

writeCl.  HELP'); 

gotoxy (19, 12) ; 

write('2.  PRINT     EXPOSURE     EXPECTED     LOSS    TABLE'); 

gotoxy (19, 14) ; 

write('3.  PRINT   CONTROL   EFFECTIVENESS   TABLE'); 

gotoxy (19, 16) ; 

write('4.  PRINT   SET   FILES'); 

gotoxy ( 19, 18) ; 

write('5.   RETURN     TO     SENSITIVITY    ANALYSIS   MENU'); 
end ; 
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(*  * 

(*  FORMATS    DSS  * 

(*  * 

(it********************************************************* 


( *  makef rame  w 
the  identif 

procedure  make 

var 

i  :  integer 

begin 

clrscr ; 
gotoxy<  1,1 
gotoxy (80, 1 
gotoxy(  2,1 
gotoxy (  1,2 
gotoxy (80,2 
gotoxy<  1,3 
gotoxy (80, 3 
gotoxyC  2,3 
gotoxy (25,3 
gotoxy <  1,4 
gotoxy (25, 4 
gotoxy (80,4 
gotoxy(  1,5 
gotoxy (80,5 
gotoxy (  2,5 
gotoxy (25, 5 


rites  the  frame  of  the  system  along  with 
ication  of  each  area  *) 

frame; 


>, 

;   write 

) 

:   write 

> , 

:   write 

)  1 

;   write 

) 

:   write 

)  ; 

:   write 

)  , 

:   write 

)  ; 

:   write 

)  , 

:   write 

)  ; 

:   write 

)  , 

:   write 

)  , 

:   write 

) 

;   write 

)  , 

;   write 

) 

:   write 

)  , 

:   write 

for   l  :=  6  to  21 
begin 

gotoxy (  1  ,  i  )  ; 

gotoxy (80, i  )  ; 
end; 


(chr (201) ) ; 

(chr (187) ) ; 

(conststr (chr (205) ,78) ) ; 

(chr(186) ) 

(chr(186) ) 

(chr (204) ) 

(chr(185) ) 

(conststr (chr (205) ,78) ) ; 

(chr(203) ) 

(chr (186) ) 

(chr (186) ) 

(chr (186) ) 

(chr (204) ) 

(chr (185) ) 

(conststr (chr (205) ,78) ) ; 

(chr (202) ) ; 


do 

write(chr(186) ) ; 
write(chr (186) ) 


gotox 
gotox 
gotox 
gotox 
gotox 
gotox 
gotox 
gotox 
gotox 
gotox 
gotox 
textc 


y(  1 
y(80 
y(  2 
y(55 
y(  1 
y(55 
y(80 
y(  1 
y(80 
y(  2 
y(55 
olor 


,22) 
,22) 
,22) 
,22) 
,23) 
,23) 
,23) 
,24) 
,24) 
,24) 
,24) 
(3)  ; 


write(chr (204) ) ; 

write(chr (185) ) ; 

wr  i te ( conststr ( chr ( 205 ) ,78) ) ; 

write(chr (203) ) 

write(chr(186) ) 

write(chr (186) ) 

write(chr ( 186) ) 

write(chr(200) ) 

write(chr (188) ) 

write(conststr (chr (205) ,78) ) ; 

write(chr (202) ) ; 
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gotoxy (8,2) ; 

write( 'EFFECTIVENESS   OF   CONTROL   AND   SECURITY   OF', 

'  COMPUTER   SYSTEMS'); 
gotoxy<  4,  4);  write (' PROBLEM :') ; 
gotoxy (31,  4);  write (' ACTION: ') ; 

gotoxy(58,23) ;  write (' Today  la:');  textcolor(x) 
end; 


write < ' Index: ' ) ; 
write< 'Description: ' ) ; 
write ( ' WEIGHTED : ' ) ; 
write < ' Damage :  $'  )  ; 
write < 'Probability: ' ) ; 
writeCP.E.R.T:  '  )  ; 
write ( ' Smallest :S' ) ; 
writeCMost  Likely:$'); 
write < ' Largest: $'  )  ; 
writeC 'RANKS: ' ) ; 
write< 'Rank  P: ' ) ; 
writeC ' Rank  Q: ' ) ; 
gotoxy <  5, 13) ; 
Damage  caused  by  error' ) ; 


(*  exposureform  writes  the  field  descriptions  for  the 
exposure  record  and  one  table  which  helps  the  user 
to  fill  the   fields  of  the   ranking  method.   It  is 
used  by  the  database  for  updating  exposures.        *) 
procedure  exposureform; 
begin 

clearf rame; 

gotoxy<  3,  6) 

gotoxy(16,  6) 

gotoxy(  5,  8) 

gotoxy(15,  8) 

gotoxy(36,  8) 

gotoxy (  5,10) 

gotoxy (15, 10) 

gotoxy (36, 10) 

gotoxy (60, 10) 

gotoxy(  5,12) 

gotoxy (15,12) 

gotoxy (36, 12) 

textcolor (7) ; 

write('Rank  P 

gotoxy (45, 13) ; 

write('Rank  Q  Damage  caused  by  failure'); 

gotoxy (  8,14); 

write('0    virtually  impossible'); 

gotoxy (48, 14) ; 

writeCO    negligible'); 

gotoxy (  8,15); 

write('l    might  happen  once  in 

gotoxy (48, 15) ; 

writeC  1    about  $10'); 

gotoxy (  8,16); 

write('2    might  happen  once  in 

gotoxy (48, 16) ; 

write('2    about         $100'); 

gotoxy (  8,17); 

write('3    might  happen  once  in 

gotoxy (48, 17) ; 

write('3    about       $1,000'); 

gotoxy (  8, 18) ; 

write('4    might  happen  once  in 

gotoxy(48, 18) ; 

write('4    about      $10,000'); 


400  years' ) ; 


40  years' ) ; 


4  years' ) ; 


100   days' ) ; 
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gotoxy (  8,19); 

write('5    might  happen  once  in   10   days'); 
gotoxy (48, 19) ; 

write('5    about     $100,000'); 
gotoxy (  8,20); 

write('6    might  happen  once  in    1    day'); 
gotoxy (48, 20) ; 

write('6    about   $1,000,000'); 
gotoxy <  8,21); 

write('7    might  happen  ten   times  a   day'); 
gotoxy (48,21) ; 

write('7    over    $1,000,000'); 
textcolor (x) 
end; 


<*  exposuref ields  gives  in  inversed  video 

to  be   filled  for  the  exposure  record 
procedure  exposuref ields; 
begin 

gotoxy (9, 6);  writeC'   '); 

text background ( 14) ; 

textcolor(O) ; 


the  fields 


gotoxy(28,  6) 
gotoxy(23,  8) 
gotoxy(48,  8) 
gotoxy (25, 10) 
gotoxy (49, 10) 
gotoxy (69, 10) 
gotoxy (22, 12) 
gotoxy (43, 12) 
textbackground (z) ; 
textcolor (x) 
end; 


write(conststr ( '  ',50)) 
write(conststr ( '  ',8)); 
writeCO.  '); 
write (conststr ( '  ',8)); 
write ( conststr ( '  ',8)); 
write(conststr ( '  ',8)); 
writeC  .  '); 
writeC  .    '); 


») 


integer) ; 


(*  controlform  writes  the  field  descriptions  for  the 
control  record.  The  number  of  its  fields  depends  on 
the  number  of  exposures.  It  is  used  by  the  database 
for  updating  controls.  *) 

procedure  controlform (  var  expno 
var 

i  :  integer; 
begin 

clearf rame; 
gotoxy (  3,  7) ; 
gotoxy (16,  7) ; 
gotoxy (22,  8); 


write ( ' Index : ' ) ; 
write( ' Description : ' ) ; 
write( 'Cost:$' ) ; 


for   i  : =  1  to  expno   do 
begin 

if   i  <=  12   then 
gotoxy (3, 9+i ) 
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else 

gotoxy <43,i-3) ; 
write( ' Effectiveness  on  Exposure  ',i:2,':') 
end;  (of  for) 
end; 


(*  controlf ields  gives  the  fields  to  be  filled 

for  the   control  record  in  inversed  video  ») 

procedure  controlf ields (expno  :  integer); 
var 

i  :  integer; 
begin 

gotoxy<9,7);  writeC   '); 

textbackground  < 14) ; 

textcolor(O) ; 

gotoxy (28,  7);  write (conststr < '  ',50)); 

gotoxy (28,  8);  write(conststr('  ',8)); 

for   i  : =  1  to  expno   do 

begin 

if   i  <=  12   then 

gotoxy <33,9+i ) 
else 

gotoxy <73, i-3) ; 
writeCO.    '); 
end;  (of  for) 
textbackground <z) ; 
textcolor (x) 
end; 
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(»  *) 

<*  DATABASE. DS5  *) 

<»  ») 

<*    This  is  the  database  of  the  system  and  performs  all   ») 
<»    the  functions  contained  in  the  dbasemenu.  ») 

(  *»»*#»*•******»»»»»»»»»»*«■»»*■**»****»*#»*»*«»»*»***»»»#*•»*  ) 


overlay  procedure  database; 
label 

cancel ; 
var 

ans    :  char; 

next   :  integer; 

<*  makeproblem  creates  the  control  and  exposure  files 
for  each  new  problem  and  puts  the  problem  description 
in  the  problem  area  of  the  frame.  * ) 

overlay  procedure  makeproblem (s  :  strS); 
begin 

clearf rame; 

problemf ield (s) ; 

actionCNEW  PROBLEM'); 

messageC 'CREATING     EXPOSURE     AND     CONTROL    FILES'); 

delay (2000) ; 

makef ile(f ilel ,dr+s+' .dxp' , sizeof (expsr ) ) ; 

make index ( index 1 ,dr+s+' . ixp' , sizeof (expsr . index) , 0) ; 

closef ile(f ilel ) ; 

closeindex< indexl ) ; 

makef ile(f ilel ,dr+s+' .del' , sizeof (ctrl ) ) ; 

makeindex<  indexl , dr+s* '  .icl' , sizeof (ctrl . index) ,0) ; 

closef ile(f ilel) ; 

closeindex( indexl ) ; 
end; 

(»  deleteproblem  deletes  all   the  files   referred  to  the 

current  problem,   removes   its  description   from  the 
problem  area  and  removes  also  the  record   referred  to 

that  from  the  directory  of  the  system.  *) 

overlay  procedure  deleteproblem (s  :  str8) ; 

var 

i  :  integer; 

begin 

clear message; 

clearselect ; 

action( 'DELETING  PROBLEM'); 

assign  (fl,dr-*-s  +  '  .dxp'  )  ; 

erase (f 1 ) ; 
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assign (fl,dr+s+' .ixp' ) ; 

eraseCf 1 ) ; 

assign(fl,dr+s+' .del' ) ; 

erase (f 1 ) ; 

assign(fl,dr+s+' .  icl ' ) ; 

eraseCf 1 ) ; 

openf ile (f ilel ,dr+5+ ' . wdt' , sizeof (st) ) ; 

if   ok   then 

begin 

closef ile<f ilel) ; 

assign(fl,dr+a+' .wdt' ) ; 

eraseCf 1) ; 

assign (fl,dr+s+' .wic' ) ; 

eraseCf 1 ) 
end; 

openf ile(f ilel ,dr+s+ ' .pdt' , sizeof (st) ) ; 
if   ok   then 
begin 

closef ile (f ilel ) ; 

assign (fl,dr+s>' .pdt' ) ; 

eraseCf 1 ) ; 

assign (f 1 , dr+s+ ' .pic' ) ; 

erase  <  f 1 ) 
end; 

openf ile (f ilel ,dr*s+ ' . rdt' , sizeof (st > ) ; 
if   ok   then 
begin 

closef ile(f ilel) ; 

assign(fl,dr  +  s+' .rdt'  )  ; 

erase (f 1 ) ; 

assign (f 1 ,dr+s+ ' . ric' ) ; 

erase ( f 1 ) 
end; 

<*  delete  the  directory  of  the  current  drive  if  it 

does  not  contain  onother  problem  *) 

openf i le ( f i le2, dr+ ' problem . dta ' , sizeof (problem) ) ; 
if   usedrecs (f ile2)  >  1   then 
begin 

initindex ; 

open index ( index2 ,dr+' problem . idx' , sizeof (cproblem) , 0) ; 

deletekey (index2,i,s); 

deleterec (file2,i); 

closef i le (file2) ; 

close index ( index2) 
end 
else 
begin 

closef ile (file2) ; 

assign ( f 1 , dr+ ' problem . dta' ) ; 

erase (f 1 )  ; 

assign ( f 1 ,dr + ' problem . idx'  )  ; 
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erase ( f 1 ) 
end; 

clearproblem 
end; 


(*  updatecontrol  adds,  deletes,  edits  and  scrolls 

the  file  of  the  controls  data.  *) 

overlay  procedure   updatecontrol (  cproblem   :  str8; 

expno  :  integer  ) ; 
label 

cancel ; 
var 

rn,i,t   :  integer; 


idx      :  string  C2]  ; 
ans      :  char; 


<*   writecontrol  writes  the  content  of  a  control  record 

on  the   input/output  control  form.  *) 

procedure  writecontrol (ctrl   :   control;   expno   :  integer) 
var 

i  :  integer; 
begin 

controlf ields (expno) ; 
with   ctrl   do 
begin 

gotoxyO,  7);  write  <  index)  ; 

textbackground ( 14) ; 

textcolor (0) ; 

gotoxy(28,  7);  write ( description) ; 

gotoxy(28,  8);  write (cost) ; 

for   i  : =  1  to  expno   do 

begin 

if   i  <=  12   then 

gotoxy(33,9-»-i) 
else 

gotoxy (73, i-3> ; 
write(effect  Ci]  ) 
end 
end; 

textbackground (z) ; 
textcolor ( x ) 
end; 
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char; 
integer; 
string  121 ; 
string  [3] ; 
chset ; 


Ctrl   do 
tc  <>  'Y' 


do 


(*  IOcontrol  reads  input  data  from  the  screen.  It  is 

used  for  adding  and  editing  controls.  *) 

procedure  IOcontrol (var  Ctrl   :  control; 

ch     :  char; 
expno  :  integer  ) ; 
var 
tc 

i, 3 ,n, ti 
tl 
t2 
s 
begin 

f illchar(tl, sizeof (tl) ,0)  ; 

tl  :=  '0.'; 

s   :=  [#48. .#57] ; 

n   :=  2  +■  expno; 

tc  :  =  ' 

with 

while 

begin 

i  :=  1; 
case   ch   of 
'A'  :  begin 

fillchar (ctrl , sizeof (ctrl ) ,0) ; 
controlf ields (expno) ; 

index  :=  inttostr (usedrecs(f ilel ) +1 ) ; 
if   length ( index)  =  1   then 
insert ( ' 0' , index, 1 ) ; 
gotoxy(9,7);  write(index) 
end ; 
'E'  :  begin 

writecontrol (ctrl , expno) ; 
if   next  =  2   then 
i  : =  expno+2 
end 
end;  (of  case} 
repeat 

of 
input str (description , 50, 23, 7, 

[#32. .#126] ,tc) ; 
input str (cost , 8, 28, 8, s, tc) ; 
begin 

f illchar ( t2, sizeof (t 2) ,0) ; 
t2  :=  copy (effect [i-2] , 3, 5> ; 
input str ( t2, 3, 35, 7+i , s, tc) 
end; 
begin 

f illchar (t2, sizeof (t2) ,0) ; 
t2  :=  copy(effect [i-2] ,3,5) ; 
in put str (t2,3,75,i-5,s,tc) 
end 
end;  (of  case) 


case 
1 

2 
3 


14 


15 
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if   i  >  2   then 
begin 

if     <length<t2>   <   3)   and   (length<t2)  >  0>  then 

for  3  :=  length(t2)+l  to  3  do 

insertCO'  ,t2,3>  ; 
effect Ci-2]  :■  tl  t  t2 
end; 

ti  :=  i; 
f unckey (tc, i) ; 

if   (ti  =   i)   and   (chr (ord(tc) -100)   <>   'H')    then 
i  :=  i  ♦  1 
until   i  >  n; 
select  CIS  RECORD  CORRECT <  Y/N)  ?  :', 

['Y'/y'/N'/n'],tc); 
clearselect 
end  (of  while) 
end; 


(*  deletecontrol  deletes  the  current  control  record, 
if  there  are  more  than  two  controls  in  the  file, 
on  the  screen  and  adjusts  the  index  of  all  the 
successor  records  in  the  file.  *) 

procedure   deletecontrol <  s  :  str8;  idx   :  str2  ); 


var 

i ,t,rn 

:  integer; 

tc 

:  char; 

tdx 

:  string  C2]  ; 

begin 

clearf rame; 

if   usedrecs (f ilel )  =  2   then 

begin 

message  < ' SYSTEM    REQUIRES 

wait 
end 
else 
begin 

messaged******  DELETING 

deletekey ( index 1 ,rn,idx); 

deleterec (f ilel , rn) ; 

t  :=  strtoint < idx) ; 


CONTROLS 


AT   LEAST' ) ; 


CONTROL   '+idx+' 


if   t  <=  usedrecs <f ilel )   then 

with   ctrl   do 

begin 

f illchar < tdx, sizeof < tdx) ,0) ; 

tdx  :=  inttostr(t+l); 

if   length(tdx)  =  1   then 
insert( '0' ,tdx, 1 ) ; 

f indkey ( index 1 , rn, tdx) ; 
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repeat 

getrec(filel,rn,ctrl) ; 

t  :=  strtoint< index)  -  1; 

index  :=  inttostr(t); 

if   length (index)  =  1   then 

insert < '0' , index, 1) ; 
putrec(f ilel , rn,ctrl ) ; 
deletekey ( index 1 ,  rn, tdx)  ; 
addkey ( index 1 ,rn, index) ; 
next key < index 1 ,  rn, tdx) 
until   not  ok; 
closeindex ( indexl ) ; 
initindex; 

open  index  <  indexl ,  cproblem-*- '  .  icl '  ,  sizeof  (  index)  ,0) 
end  (of  if/with) 
end  (of  else) 
end; 


begin    {of  updatecontrol > 
controlf orm (expno) ; 
initindex; 

openf ile <f ilel ,dr+cproblem+ ' .del ' , sizeof (Ctrl > ) ; 
open index ( indexl , dr +cproblem+ ' . icl ' , sizeof (ctrl . index ) , 0) ; 
f illchar <  idx, sizeof  <idx) ,0) ; 
f il 1 char (ctrl , sizeof (ctrl ) ,0)  ; 
clearkey ( indexl )  ; 
if   next  <>  1   then 
begin 

next key ( indexl ,  rn, idx) ; 

if   ok   then 

begin 

getrec (f ilel , rn , ctrl ) ; 
writecontrol (ctrl , expno) 

end 

else   goto  cancel 
end ; 


with   ctrl   do 
while   ans  <>  'Q'  do 
begin 

action ( 'UPDATE   CONTROLS'); 
if   next  =  2   then 

ans   : =  '  E' 
else 
begin 

flag  : =  false; 

if   usedrecs (f i lei )  >=  2   then 

begin 

select (' A) dd ,  D)elete,  E)dit,  N)ext,  P)revious  ', 
'or  Q)uit:', CA','D','E','N','P','Q'3 ,ans) ; 
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clearselect 

end 

else 

ans 

; 

=  'A' 

end ; 

i 

case   ans 

of 

'A'  : 

b< 

agin 

action ('ADD  CONTROL  '>; 

if   usedrecsCfil 

el)  =  maxctr 

1 

begin 

clearf rame; 

message ( ' THE 

SYSTEM 

CANN 

0 

then 


HOLD  ANOTHER' , 
'  CONTROL'); 


wait; 

goto  cancel 
end ; 

IOcontrol tctrl , 'A' , expno) ; 
addrec(f ilel , rn, Ctrl ) ; 
addkey ( index 1 ,rn, index) ; 
idx  : =  index; 
findkey<  index 1 ,  rn , idx ) 
end; 
'D'  :  begin 

action < 'DELETE  CONTROL  '); 

deletecontrol (cproblem, idx) ; 

controlf orm (expno) ; 

i  :=  strtoint < idx) ; 

clearkey ( indexl ) ; 

if   i  <=  usedrecs ( f 1 lei )   then 

f indkey  <  indexl ,  rn, idx) 
else 
repeat 

next key  < indexl , rn , idx) 
until  ok 
end; 
'E'  :  begin 

actionCEDIT  CONTROL'); 
getrec (f i lei , rn,ctrl ) ; 
IOcontrol (ctrl , 'E' .expno) : 
putrec (f ilel , rn,ctrl ) 
end ; 
'N'  :  repeat 

next key ( indexl ,rn, idx ) 
unti 1   ok ; 
'P'  :  repeat 

prevkey ( indexl , rn . idx ) 
until   ok 
end;  (of  case) 
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if   ans  in  ['D','H','P']   then 
begin 

getrec(filel,rn,ctrl) ; 

writecontrol (ctrl , expno) 
end; 

if   next  =  2   then 
begin 

next key  <  index 1 ,rn , idx) ; 
if   not  ok   then 
begin 

next  :=  0; 
ans   :=  'Q' 
end 
end 

end;  (of  with/while} 
cancel:   closef ile < f i lei ) ; 

cloaeindex  (  mdexl )  ; 


end ; 


<*  updatexposure  adds,  deletes,  edits  and  scrolls 

the  file  of  the  exposures  data.  *) 

overlay   procedure     updatexposure <  cproblem  :  str8; 


var   expno 


:   inteqer   ) ; 


label 

cancel ; 
var 

rn,i,t   :  integer; 

idx      :  string  L21 ; 

ans      :  char; 


<*   writexposure  writes  the  content  of  an  exposure  record 

on  the   input/output  exposure  form.  *) 

procedure  writexposure Cexpsr  :  exposure); 
begin 

exposuref ields; 
with  expsr  do 
begin 

gotoxy (9,  6;  ;  write  <  index)  ; 
textbackground < 14) ; 
textcolor (0) ; 

wri te ( description ) ; 
write (damage) ; 
write (probabi lity) ; 
wr i te ( smal lest ) ; 
write ( most 1 ikely) ; 
wr ite < largest ) ; 


gotoxy(28,  6) 
gotoxy<23,  8) 
gotoxy<48,  8) 
gotoxy (25, 10) 
gotoxy (49, 10) 
gotoxy (69, 10) 
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gotoxy (22, 12) ;  write (rankP) ; 
gotoxy (43, 12) ;  write(rankQ) 
end;  (of  with) 
textbackground(z) ; 
textcolor (x) 
end; 


<*  IOexposure  reads  input  data  from  the  screen.  It  is 

used  for  adding  and  editing  exposures.  *) 

procedure   IOexposureC var   expsr   :   exposure;   ch   :  char); 
var 

tc      :  char; 

tl      :  string  Cll ; 

t2      :  string  C3]  ; 

i,j,ti  :  integer; 

begin 

i   :=  1; 

tc  :=  #0; 

with   expsr   do 

while   tc  <>  'Y'   do 

begin 

i  :=  1; 
case   ch   of 
'A'  :  begin 


f i 11 char (expsr, sizeof ( expsr) , 0) ; 
exposuref ields ; 

index  :=  inttostr < usedrecs ( f i lei ) +1 ) ; 
if   length ( index)  =  1   then 
insert < ' 0' , index, 1 ) ; 
gotoxy(9,6);  write(index) 
end ; 
'E'     :    writexposure (expsr ) ; 
end;  (of  case) 

repeat 

case   i   of 

1  :   inputstr (description ,50, 28,6.  [#32.  . #126]  . tc >  : 

2  :  inputstr (damage, 8, 23,8,  [#48.  .#57]  , tc) ; 

3  :  begin 

f illchar (t2, sizeof (t2) ,0) : 

t2  :=  copy (probability , 3, 3) ; 

inputstr (t2, 3,50,8,  [#48.  .#57]  ,tc)  ; 

if   (length(t2)  <  3)  and  (length(t2)  >  O)  then 

for  ■}     :=  length  ( t2 ) -»-l  to  3  do 

insert ( '0' , t2, 3 ) ; 
probability  :=  '0.'  +  t2; 
end ; 
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4  :     inputstr<smallest,8,25,10, [#48. .#573 ,tc) ; 

5  :    inputstr (mostlikely ,8, 49, 10, [#48. .#57] , tc) ; 

6  :  inputstr< largest , 8,69, 10, [#48. .#57] , tc) ; 

7  :  begin 

f illchar <tl,sizeof (tl) ,0) ; 

f illchar<t2,sizeof <t2) ,0) ; 

tl  :=  copy (rankP, 1 , 1 ) ; 

t2  :=  copy (rankP, 3,3) ; 

inputstr (t 1,1, 22, 12,  [#48.  .#57]  , tc) ; 

inputstr <t2, 3, 24, 12, [#48. .#57] , tc) ; 

if   <length<t2)  <  3)  and  (length(t2)  >  0)  then 

for  3     :=  length < t2 ) +1  to  3  do 

insert < '0' , t2, j ) ; 
rankP  :=  tl  +  ' . '  +  t2 
end; 

8  :  begin 

f illchar ( tl , sizeof ( tl ) ,0) ; 

f illchar < t2, sizeof < t2) ,0) ; 

tl  :=  copy (rankQ, 1 , 1 ) ; 

t2  :=  copy (rankQ, 3,3) ; 

inputstr (tl , 1 ,43, 12, [#48. .#57] , tc) ; 

inputstr (t2, 3, 45, 12,  [#48.  .#57]  , tc) ; 

if   (length(t2)  <  3)  and  (length(t2)  >  0)  then 

for  3  :=  length(t2)+l  to  3  do 

insert ( '0' ,t2, J  > ; 
rankQ  : =  tl  +  ' . '  +  t2 
end 
end;  (of  case) 

ti  : =  i; 
funckey ( tc , i )  ; 

if      (ti   =   1)   and   ( chr ( ord ( tc ) - 100)  <>  'H'>   then 
i  :  =  i  +  1 
until   1  >  8; 

select  CIS  RECORD  CORRECT  (  Y /N  >  ?  :'. 

[' Y' , 'y' , 'N' , 'n'] ,tc) ; 
clearselect 
end;  (of  while) 
end  ; 
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(*  deletexposure  deletes  the  current  control  record 
on  the  screen,  if  there  are  more  than  two  exposures 
in  the  exposure  file  and  adjusts  the  index  of  all 
the  successor  records.  Then  it  opens  the  control 
file  and  removes  from  all  the  control  records  the 
reference  to  the  deleted  exposure.  *) 

procedure    deletexposure (  cproblem   :  strS;   idx   :  str2  ); 
var 

i ,rn, usdr, 

t, recno    :  integer; 

tc         :  char; 

tdx         :  string  C2]  ; 

begin 

clearf rame; 

usdr  :=  usedrecsCf ilel ) ; 

if   usdr  =  2   then 

begin 

message ( 'SYSTEM   REQUIRES   2   EXPOSURES     AT    LEAST'); 
wait 
end 
else 
begin 

message* ' ***»*»   DELETING     EXPOSURE   '+idx+'  **»***'); 

deletekey ( indexl , rn, idx) ; 

deleterec (filel,rn) ; 

recno  :=  strtoint < idx ) ; 

usdr  :=  usedrecs ( f i lei ) ; 

if   recno  <=  usdr   then 

with   expsr   do 

begin 

f  illchar  <  tdx,  sizeof  ( tdx">  ,  0  )  ; 
tdx  :=  inttostr ( recno+ 1 ) ; 
if   length(tdx)  =  1   then 

insert ( '0' , tdx, 1 ) ; 
findkey ( indexl , rn , tdx ) ; 
repeat 

getrec (filel,rn, expsr ) ; 

t  :=  strtoint ( index)  -  1; 

index  :=  inttostr(t); 

if   length ( index )  =  1   then 

insert< ' 0' , index, 1) ; 
putrec  <filel,rn, expsr) ; 
deletekeyC indexl, rn, tdx) ; 
add key  <  indexl ,rn, index); 
next key ( indexl , rn , tdx) 
until   not  ok 
end;  (of  if /with) 
closef ile (f l lei ) ; 
close index ( indexl ) ; 
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with   ctrl   do 
begin 

initindex; 

openf i 1© (f ilel , dr+cproblem+ ' .del' , sizeof (ctrl ) ) ; 

open index ( index 1 , dr+cproblem+ ' . icl ' , sizeof ( index) ,  0)  ; 

clearkey ( indexl ) ; 

repeat 

next key  <  indexl ,rn, tdx) ; 

if   ok    then 

begin 

getrec(f ilel , rn,ctrl ) ; 

for   i  : =  recno  to  usdr   do 

begin 

effect CiD  :=  effectCi+1]; 
end;  Cof  for) 

f illcharC effect Ci+1] ,6,0) ; 
putrec  <f i lei , rn, ctrl ) ; 
end 
until   not  ok; 
closef ileCf ilel) ; 
close index ( indexl ) 
end;  (of  with) 
initindex; 

openf ile<f ilel , dr+cproblew+ ' .  dxp' , sizeof (expsr > ) ; 
open index (indexl, dr +cproblem+ ' . ixp' , 

sizeof (expsr . index ) , 0 ) ; 
end  (of  else) 
end  ; 


begin    (of  updatexposure) 
exposureform ; 
initindex ; 
openfile(filel,dr+ 
expno 
ope 


tinaex ; 

infile(filel , dr*cproblew+ ' .dxp' , sizeof (expsr) ) ; 

no  :=  usedrecs ( f l lei ) ; 

m index ( indexl , dr +cproblem+ ' . ixp' , 

sizeof (expsr. index) ,0) ; 
f illchar ( idx , sizeof (idx) ,0) ; 
fi 1 lchar ( expsr , sizeof ( expsr ) ,0) ; 
clearkey (indexl ) ; 


c 

if   next  <> 

begin 


1   then 


y  a  xi 

next key ( indexl , rn , idx ) ; 

if   ok   then 

begin 

getrec ( fi lei , rn , expsr ) ; 
writexposure( expsr) 
end 

else   goto  cancel 
end  ; 
ans  : =  '  ' ; 
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with   expsr   do 
while   ans  <>  'Q'   do 
begin 

action ('UPDATE  EXPOSURES'); 

if   usedrecs (f ilel )  >=  2   then 

begin 

select ( 'A)dd,  D)elete,  E)dit,  N)ext,  P)revious  ', 

'or  Q)uit: ' , C'A','D','E','N','P','Q'3 ,  ans) ; 
clearselect 
end 
else 

ans  : =  ' A' ; 

case   ans   of 
'A'  :  begin 

actionCADD  EXPOSURE'); 

if   usedrecs (f ilel )  =  maxexp   then 

begin 

clearframe; 

message ('THE   SYSTEM   CANNOT  HOLD  ANOTHER  ', 

'EXPOSURE' ) ; 
wait ; 

goto  cancel 
end ; 

IOexposure (expsr , 'A' ) ; 
addrec ( f  i lei , rn , expsr ) ; 
addkey ( index 1 ,rn, index) ; 
idx  : =  index ; 
find key ( index 1 , rn , idx ) 
end ; 
'D'  :  begin 

action( 'DELETE  EXPOSURE'); 

deletexposure (cproblem , idx ) ; 

exposuref orm ; 

i  :=  strtoint ( idx) ; 

clearkey ( indexl ) ; 

if   i  <  =  usedrecs ( fi lei )   then 

f indkey ( indexl ,rn, idx) 
else 
repeat 

next key ( indexl ,rn, idx) 
until   ok 
end ; 
'E'  :  begin 

action ('EDIT  EXPOSURE'); 
getrec (filel,rn, expsr ) ; 
10exposure(expsr, 'E' ) ; 
putrec (filel,rn, expsr) 
end; 
'N'  :  repeat 

next key ( indexl ,rn, idx) 
until   ok; 
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'P'  :  repeat 

prevkey <  index 1 ,rnf idx) 
until   ok 
end;  (of  case) 

if   (ana  in  ['D'/M'/P'D   then 
begin 

getrec(f ilel , rn, expar) ; 

wr itexpoaure  <  expar ) 
end  (of  if) 

end;  (of  with/while) 
t  :=  uaedrecs (f ilel ) ; 
if   expno  <  t   then 
begin 

expno  : =  t ; 

next  : =  2 
end 
else 

next  :=  0; 
expno  : =  t ; 
cancel:  closef i le ( f ilel ) ; 

close index (indexl) ; 
end  ; 


<*  get  directory  asks  the  user  to  define  the  drive  he/she 
wants  to  use,  writes  directory  in  the  work  area  and 
asks  for  a  problem  description.  *) 

overlay  procedure  getdirectory ; 
label 

cancel ; 
var 

i,  j,    number  :  integer; 

tby  :  real; 

ch  :  char; 

idx  :  string C23 ; 

begin 

clearproblem ; 

clearf rame; 

message( 'DEFINE   THE   DRIVE   YOU   WANT  TO  USE  FOR  FILES'); 

gotoxy (16,16) ; 

writeCIT  IS  BETTER  THE  D5S  TO  BE  ON   A  DIFFERENT  DRIVE'); 

gotoxy (16, 18) ; 

write ('DO  NOT  USE  THE  LETTER  C  IF  THERE  IS  NO  HARD  DISK'); 

select ( 'DRIVE   A,B,C,D,E   or  F : ' , [#65 . . #70 , #97 . . #102 J , ch ) ; 

f illchar (dr , sizeof (dr ) ,0)  ; 

dr  : =  ch  +  ' : ' ; 

clearf rame ; 

action( 'DIRECTORY' ) ; 
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openf ile(f ilel ,dr+ ' problem. dta' , sizeof (problem) ) ; 

If   ok   then 

begin 

Initindex; 

open index  <  index 1 ,dr+' problem .  idx' , 

sizeof < problem . problemname) ,0) ; 

clearkey < indexl ) ; 

i  :=  10; 

3  :-  l; 

gotoxy (12,7) ; 

write( 'CHOOSE  ONE  OF  THE  FOLLOWING  OR  CREATE  YOUR  ', 

'OWN  PROBLEM' ) 
textbackground ( 14) ; 
textcolor (0) ; 
gotoxy ( 15, 9) ; 
write( 'PROBLEM: ' ) ; 
gotoxy (27, 9) ; 
write( 'CREATED  BY:'); 
gotoxy (56, 9) ; 
write( 'DATE: ' ) ; 
textbackground (z) ; 
textcolor (x) ; 
next key ( indexl , number .problem. problemname) ; 


repeat 

getrec ( f i lei , number , problem ) ; 

gotoxy ( 15 , i ) ;  write ( problem . problemname ) ; 

write ( problem . creator ) ; 

wri te ( problem . date) ; 


gotoxy ( 27, i ) ; 
gotoxy (56 , i ) ; 


:  =  i 

:=  i 


+  l; 
-  l; 

>  20) 


and  ( usedrecs (f i lei )  >  j)   then 


if   (i 
begin 

i  :=  10; 
wait; 
cleartext 
end; 

next key ( indexl , number .problem . problemname) 
until   not  ok; 
gotoxy(21 ,21 ) ; 
textbackground ( 3) ; 
textcolor (0) ; 
wr ite (' Number  of  Problems  in  the  Directory:  ', 

usedrecs (filel) :2) ; 
textbackground (z ) ; 
textcolor(x) ; 
closef i le(filel) ; 
close index ( indexl ) 
end 
else 
begin 

spaceavai lable ( tby ) ; 
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if   tby  <  30000.0   then 
begin 

message ( 'THERE   IS   NOT   ENOUGH   SPACE  ON  DRIVE  '+dr>; 
wait; 

next  :=  3; 
goto  cancel 
end ; 

message( ' **»»»*  NEW   DIRECTORY  ***»»*'}; 
makef ile(£ilel ,dr+ ' problem . dta' , sizeof (problem) ) ; 
make index  <  index 1 ,dr+ ' problem . idx' , 

sizeof (problem . problemname) ,0) ; 
closef ile(f ilel) ; 
closeindex( index 1 ) ; 
end; 

initindex; 

openf ile (f ilel ,dr+ ' problem . dta' , sizeof (problem ) ) ; 
openindex( index 1 ,dr+ ' problem . idx'  , 

sizeof (problem . problemname) ,0)  ; 
actionCGIVE  PROBLEM  NAME'); 
gotoxy (4,23) ; 

write( 'ENTER  THE  NAME  OF  THE  PROBLEM:'); 
fillchar (cproblem, sizeof (cproblem) ,0) ; 
fillchar ( problem , sizeof ( problem ) ,0) ; 
inputstr(cproblem,8,35,23, [#48. .#1263 ,tc) ; 
cproblem  :=  upcasestr (cproblem) ; 
adjuststr (cproblem) ; 
f indkey ( index 1 , number , cproblem ) ; 
if   not  ok   then 
begin 

spaceavai lable ( tby )  ; 

if   tby  <  10000.0   then 

begin 

closef ile (f ilel ) ; 
closeindex ( indexl ) ; 
clearf rame; 

message( 'THERE  IS  NOT   ENOUGH   SPACE   ON   DRIVE  '+dr>; 
wait ; 

next  :=  3; 
goto  cancel 
end; 

clear select ; 

gotoxy  (4,23)  ;  writeCENTER  YOUR  NAME:'); 
inputstr (problem. creator ,25,21,23, [#32. .#126] ,tc) ; 
problem . problemname  :=  cproblem; 

problem . creator  :=  upcasestr ( problem . creator ) ; 
getdate ( problem . date) ; 
number  : =  0 ; 

addrec (f i lei , number, problem) ; 
add key ( indexl , number, problem . problemname) ; 
closef ile (f ilel ) ; 
closeindex ( indexl ) ; 
expno  : =  0 ; 
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next  : =  1 ; 
end 
else 

<*  get  key  information  about  the  latest  model  execution  *) 
with   problem   do 
begin 

getrec(f ilel , number , problem) ; 

wcombindex  :=  wcomb; 

pcombindex  :=  pcomb; 

rcombindex  :=  rcomb; 

wtotalcost  :=  strtoreal ( wtotcost) ; 

ptotalcost  :=  strtoreal (ptotcost) ; 

rtotalcost  :=  strtoreal (rtotcost) ; 

closef ileCf ilel) ; 

closeindex ( indexl ) ; 

openf  i  le  <f  ilel ,  dr  +  cproblem-"- '  .dxp'  , sizeof (expsr)  )  ; 

expno  :=  usedrecs (f ilel ) ; 

closef ile (f ilel ) ; 

problemf ield (cproblem ) 
end; 
cancel : 
end; 


BEGIN   (OF  DATABASE) 
ans  : =  '  ' ; 
if   flag   then 
begin 

getd i rectory ; 

if   next  =  1   then 

begin 

raakeproblem (cproblem) ; 
updatexposure < cproblem, expno) ; 
next  :=  1; 

updatecontrol < cproblem , expno) 
end ; 
if   next  <>  3   then 

flag  : =  false; 
next  : =  0; 
goto  cancel 
end; 

while   ans  <>  '6'   do 
begin 

dbasemenu ; 

select < 'SELECT  1,2,3,4,5  or  6  : ' , C ' 1 ' . . ' 6' 3 , ans) ; 
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case   ans   of 

*!'     :  help('D'); 
'2'  rbegin 

getdirectory ; 

if   next  =  1   then 

begin 

makeproblem (cproblem) ; 
updatexposure ( cproblem , expno ) ; 
next  : =  1 ; 

updatecontrol (cproblem, expno) ; 
next  : =  0 
end 
end; 
'3'  :  begin 

clearf rame; 

message C DO  YOU  WISH  TO  DELETE  THE  PROBLEM?'); 

selectCTYPE  CM   TO  DELETE   OR  ANY   KEY  TO  ', 

'CANCEL' , C#l . .#126] ,  ans) ; 
if   ans  =  ' ! *    then 
begin 

deleteproblem (cproblem) ; 
flag  : =  true; 
next  :=  0; 
goto  cancel 
end; 

ans  : =  '  ' 
end; 
'4'  :  begin 

updatexposure (cproblem . expno) ; 

if   next  =  2   then 

begin 

updatecontrol (cproblem , expno) ; 
next  : =  0 
end 
end; 
'5'  :  updatecontrol (cproblem , expno) 
end  (of  case) 
end;  (of  while) 
cancel : 
END; 
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(»  *) 

<»  MODEL. DSS                           ») 

(*  *) 

<*  This  is  the  model  execution  part  of  the  system.  The   *) 

<*  user  can  select  one  or  more  statistical  methods  for   *) 

<»  the  model  run.                                         *) 

<*  «) 
(A**********************************************************) 


overlay  procedure   model; 
label 

cancel , cont ; 
var 

ans, tans , ch 

f lagl ,f lag2 

method 

expdam 

i , rn ,ctrlno 

idx 

maximum 

benefit , 

u , y , t  :  real ; 


char; 
boolean; 
string  121  ; 
array  CI.  .maxexp] 
integer; 
string  C2]  ; 
string  CIO]  ; 


of  real; 


(»  weightedprobability  computes  the  expected  cost  for 

each  exposure  of  the  exposure  file.  *) 

overlay  procedure   weightedprobability; 
begin 

initindex ; 

openf  ile  <f  ilel ,  dr  +  cproblem-*- '  .dxp'  ,  sizeof  (  expsr  )  )  ; 

open index  <  indexl , dr  +  cproblem+ '  . ixp' , 

sizeof (expsr . index) , 0) ; 
clearkey ( indexl ) ; 

fillchar ( expdam , sizeof (expdam ) ,0) ; 
fi 1 lchar ( expsr , sizeof (expsr ) ,0) ; 
totaloss  : =  0; 
with   expsr   do 
repeat 

next key ( indexl ,rn, idx ) ; 

if   ok   then 

begin 

getrec ( f i lei , rn , expsr ) ; 

i  :=  strtoint ( index) ; 

expdam CiD  :=  strtoreal (damage)  » 

strtoreal (probability) ; 
totaloss  :=  totaloss  +  expdam CiD; 
end 
until   not  ok; 
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closef ile(f ilel ) ; 
close index ( index 1 > 
end; 


< »  pertmethod  computes  the  expected  cost  for  each  exposure 

of  the  exposure  file,  using  the  P.E.R.T.  method         *) 
overlay  procedure   pertmethod; 
begin 

f illchar (expsr , sizeof (expsr ) ,0) ; 

initindex; 

openf ile(f ilel ,  dr +cproblem+ ' .dxp' , sizeof (expsr) ) ; 

openindex<  index 1 , dr  +  cproblet+ * . ixp' , 

sizeof (expsr . index) , 0) ; 
f illchar (expdam, sizeof (expdam) , 0) ; 
clearkey ( indexl ) ; 
totaloss  :=  0; 
with   expsr   do 
repeat 

next key ( indexl ,rn,idx) ; 

if   ok   then 

begin 

getrec(f ilel , rn , expsr ) ; 

i  :=  strtoint ( index)  ; 

expdam ti]  :=  (strtoreal (smallest )  + 

4  *  strtoreal (mostl ikely ) 
+  strtoreal ( largest ) )  /  6; 
totaloss  :=  totaloss  +  expdam Ci] 
end 
until   not  ok; 
closef ile(f ilel ) ; 
close index ( indexl ) 
end; 


(*  rankingmethod  computes  the  expected  cost  for  each 
exposure  of  the  exposure  file,  using  the  Ranking 
method.  *) 

overlay  procedure   rankingmethod; 
begin 

initindex; 

openf ile(f ilel , dr +cproblem+ ' .dxp' , sizeof (expsr) ) ; 

open index ( indexl , dr+cproblem+ ' .ixp' , 

sizeof (expsr . index) , 0) ; 
clearkey ( indexl ) ; 

fil lchar (expdam , sizeof (expdam ) ,0) ; 
f illchar (expsr , sizeof (expsr ) ,0)  ; 
totaloss  : =  0; 
y  :=  ln(10); 
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with   expsr   do 
repeat 

next key ( index 1 , rn, idx) ; 

if   ok   then 

begin 

getrec<f ilel ,rn, expsr ) ; 

u  :=   y  »   (strtoreal (rankP)  *   strtoreal (rankQ)  -  3); 
i  :=  strtointC index) ; 
expdam[i3  :=  exp(u)  /  4.0; 
totaloss  :=  totaloss  +  expdamCi] 
end 
until   not  ok; 
closef ile(filel) ; 
close index ( index 1 ) 
end; 


(*  ef f ecti vecontrol  computes  the  effectiveness  for  each 
control  activity  in  the  control  file.  If  the  control 
is  an  effective  one  then  it  is  loaded  in  memory  for 
subsequent  computation.  ») 

overlay  procedure   ef f ectivecontrol ; 
begin 

initindex ; 

openf ile<f ilel ,dr+cproblew+ ' . del ' , sizeof (ctrl ) ) ; 

open index  <  index 1 , dr +  cproblem+ '  . icl ' , sizeof  <  Ctrl . index )  ,  0)  ; 

clearkey ( indexl ) ; 

fillchar (ctrlmatrix, sizeof (ctrlmatrix) ,0) ; 

fillchar (ctrl , sizeof (ctrl ) ,0)  ; 

fi llchar (comb , sizeof c comb) ,0) ; 

ctrlno     : =  0 ; 

totalcost  :=  0; 

with   ctrl   do 

repeat 

next key ( indexl , rn, idx)  ; 

if   ok   then 

begin 

benefit    :=  0; 
getrec( f ilel ,rn, Ctrl ) ; 
for   i  : =  1  to  expno   do 

benefit  :=  benefit  +    strtoreal ( effect CiJ )  * 

expdam  C i ]  ; 

if   benefit  >  strtoreal ( cost )   then 
begin 

ctrlno  :=  ctrlno  +  1; 

ctrlmatrix [ctrlno]  :=  ctrl; 

totalcost   :=  totalcost  +  strtoreal (cost ) ; 

combCctrlno]  :=  index 
end 
else 
begin 
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message? 'CONTROL  '+  copy (description, 1 , 

length(description) >  +  '   IS  NOT  EFFECTIVE'); 
delay<2000) ; 
clear message 
end 
end 
until   not  ok; 
closef ile(f ilel ) ; 
closeindex< indexl ) ; 
end; 


(»  controlsets  generate  all  the  possible  control  sets 
and  updates  the  problem  record  in  the  directory  of 
the  system.  It  has  the  ability  also  to  create  and 
delete  the  set  files.  *) 

overlay  procedure   controlsets (maxcost  :  real); 
label 

cancel ; 
var 

i , j ,k , 1 , maxcomb, p, rn  :  integer; 

cost, value, sef f , tby , 

f ilebytes, indexbytes  :  real; 

combination  :  array  CI .. maxctrl]  of  char; 

(*  binary  converts  a  decimal  number  to  its  binary 
representation.  Its  purpose  is  to  generate  the 
combinations  of  the  control  activities.  *) 

procedure   binaryCk  :  integer); 
var 

2  '.     integer; 

begin 

for  j     :=  1  to  ctrlno   do 
begin 

if   k  mod  2  <>  0   then 

combination Lj ]  :=  ' 1' 
else 

combination C j ]  :=  '0'; 
k  :=  k  div  2 
end  (of  for) 
end ; 

begin 

maxcomb  :=  round ( exp < In < 2 )  *  ctrlno))  -  1; 

(*  computed  the  size  in  bytes  of  the  set  file  *) 

filebytes   :=  (sizeof(st)  *  1.0)  *  maxcomb; 

indexbytes  :=  < ( < sizeof (st . Ck)  +  5)*  (order+3)  *  1.0)  * 

maxcomb) /order ; 
<*  ask  the  available  bytes  of  the  specified  drive  *) 
spaceavai lable < tby ) ; 
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if   tby  <  (f ilebytes+indexbytes)   then 
begin 

message ('THERE   IS    NOT   ENOUGH   SPACE   ON   DRIVE' +dr); 
flag2  :=  true; 
goto  cancel 
end; 

textbackground (3) ; 
initindex; 

makefile (f ilel , dr+cproblem+ ' . ' + method + ' dt' , sizeof (st ) ) ; 
makeindexC  index  1 ,  dr  +  cproblem-*- '  .  '  +method  +  *  ic'  , 

sizeof (at.Ck) , 1) ; 
P  :=  0; 
with   st   do 

for   i  : =  1  to  maxcomb   do 
begin 

fillchar(st, sizeof (st) ,0)  ; 

fillchar (combination, sizeof (combination) ,0) ; 

binary ( i ) ; 

cost  :=  0.0; 

for   3  :=  1  to  ctrlho   do 

if   combination [3]  =  '1'   then 

cost  :=  cost  +  strtoreal (ctrlmatr ix [ 3 3 . cost ) ; 
if   maxcost  >=  cost   then 
begin 

value  : =  0.0; 

for   3  : =  1  to  expno   do 

begin 

seff  :=  0.0; 

for   1  :=  1  to  ctrlno   do 
if   combination  CI ]  =  '1'   then 
seff  :=  seff  +  (1  -  seff)  * 

strtoreal  (ctrl  matrix  [13  .  effect  C  3  3  )  ; 
value  :=  value  ♦  seff  »  expdam[j3 
end;  (of  for  3 ) 

(*  Keep  only  the  effective  control  sets  *) 

if   value  >  cost   then 

begin 

1  :=  0; 

for   3  :=  1  to  ctrlno   do 

if   combination [3 3  =  '1'   then 
begin 

1  :  ■  1  +  1 ; 

setcombC13  :=  ctr lmatr ix [ 3 3 . index 
end ; 
p  :=  p  ♦  1; 

gotoxy (31 ,21 ) ;    write (' Number    of    Sets   :',p:4); 
str (value: 10:0, Vk) ; 
str ( ( totaloss  -  value) : 10 : 0 , Lk) ; 
str (cost : 10:0,Ck) ; 
str( (value  -  cost ) : 10 : 0, Nk ) ; 
str ( (totaloss  -  value  +    cost ) : 10 : 0, TCk ) ; 
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str< (value. /  cost) :5:4,BCR) ; 

if   strtoreal (BCR)  <  10.0   then 

insertC  ',BCR,D; 
addrec(f ilel , rn,at) ; 
addkey ( index 1 , rn,Ck) ; 
end 
end 
end;  (of  for  i) 

gotoxy (31,21) ;  write (conststr ( '  ',20)); 
if   usedrecs(f ilel )  =  0   then 
begin 

closef ile(f ilel ) ; 
closeindex ( indexl ) ; 
assign (f 1 , dr+cproblem+ ' 
erase (f 1 ) ; 

assign  (f  1  ,dr+cproblern+' 
erase (f 1 ) 
end 
else 
begin 

closef ile(f ilel ) ; 

closeindex ( indexl ) ; 

if   totalcost  >  maxcost   then 

totalcost  :=  maxcost; 
case   method   of 


'  +method-»-'dt'  )  ; 
'  ♦method-'- '  ic'  )  ; 


w 


begin 

wcombindex 
problem . wcomb 
wtotalcost 


: =  comb ; 
: =  comb ; 
: =  totalcost ; 
str (totalcost : 10:0, problem . wtotcost ) ; 
ad justs tr ( problem . wtotcost) 
end ; 
begin 


pcombindex 
problem . pcomb 
ptotalcost 


: =  comb; 
: =  comb ; 
: =  totalcost ; 
str (totalcost : 10:0, problem . ptotcost ) ; 
ad]uststr( problem . ptotcost) 
end  ; 


'r' 


comb ; 

comb ; 

totalcost ; 

0 , problem . rtotcost )  ; 


begin 

rcombindex 
problem . rcomb 
rtotalcost 
str (totalcost: 10 
adjuststr( problem. rtotcost) 
end 
end;  (of  case) 

openf i le(filel,dr+'problem.dta' , sizeof ( problem ) ) ; 
open  index  (  indexl ,  dr  + '  problem  .  idx  '  , 

sizeof ( problem . problemname) ,0) ; 
findkey ( indexl , rn , cproblem) ; 
putrec ( f ilel, rn, problem; ; 
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closef ile(f ilel ) ; 
close index  <  index 1 ) 
end; 

cancel:  textbackground (z) 
end; 

BEGIN    (OF  MODEL) 
ana   :  =  '  ' ; 

flagl  :=  false; 
while   ana  <>  '6'   do 
begin 

if   not  flagl   then 
begin 

modelmenu; 

select ('SELECT   1,2,3,4,5    or   6   : ' ,  C '  1 '  .  .  ' 6 ' ]  , ans) ; 
clearf rame ; 
tans  : =  ans 
end; 

if   ans  =  '5'   then 
begin 

flagl  : =  true; 
ans   : =  '0'  ; 
tans  :=  '2' 
end; 

ch  :=  #0; 
case   tans   of 

'1'  :  help('O'); 
'2'  :  begin 

method  : =  ' w' ; 

action ( 'MODEL  /  WEIGHTED  METHOD'); 
end ; 
'3'  :  begin 

method  : =  ' p' ; 

action ('MODEL  /  P.E.R.T.  METHOD'); 
end ; 
'4'  :  begin 

method  : =  ' r ' ; 

action( 'MODEL  /  RANKING  METHOD'); 
flagl  : =  false 
end; 
'6'  :  goto   cancel 
end;  (of  case) 

if   tans  in  C'2'..'5']   then 
begin 

openf ile (f ilel , dr+cproblem+ ' . /+method+'dt' , 

sizeof ( st ) ) ; 
if   ok   then 
begin 

closef ile (f ilel ) ; 

message ( 'THERE  15  ALREADY   FILE   FOR   THAT  METHOD'); 
select ( 'SELECT  D)elete,  R)un  or  any  key  to  cancel:', 

[#1 . .#1263 ,ch) ; 
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clear message; 

clearaelect; 
end; 

if   ch   in  C'D','R',#0]   then 
begin 

if   ch  in  C'D','R']   then 
begin 

assign (f 1 , dr+cproblem+ ' . ' +method+ ' dt ' )  ; 

erase (f 1 ) ; 

assign (f 1 , dr+cproblem+ ' . ' +method+ 'ic'); 

erase  <f 1 ) 
end; 
if   ch  =  'D'   then 

goto  cont; 
case   tans   of 

'2'  :  weightedprobability ; 

'3'  :  pertmethod; 

'4'  :  rankingmethod 
end; 

ef f ecti vecontrol ; 
if  totalcost   <  1.0   then 
begin 

message ( 'CANNOT  COMPUTE   SETS  WITHOUT  EFFECTIVE  ', 

'CONTROLS' ) ; 

wait; 

goto  cont 
end; 

if   ctrlno  =  1   then 
begin 

messageC 'CANNOT   COMPUTE   SETS   WITH   ONLY   ONE  ',  . 

'EFFECTIVE  CONTROL'); 

wait; 

goto  cont 
end; 
if   totaloss  >  totalcost   then 

t  : =  totalcost 
else 

t  : =  totaloss; 
gotoxy (20,  8) ; 
write( 'Total  Damage  Due  To  Exposures   :', 

totaloss: 10:0) ; 
gotoxy (20, 10) ; 
writeCCost  to  Implement  All  Controls  :', 

totalcost : 10: 0) ; 
gotoxy (13, 14)  ; 
writeCGive  The  Maximum  Amount  You  Want  To  ', 

'Spend  On  Controls'); 
gotoxy ( 29, 15) ;   write('or   press   Enter   for   ALL'); 
gotoxy (30, 17) ;  write (' MAXIMUM  :  S'); 
str (t:l0:0, maximum)  ; 
adjuststr (maximum) ; 
inputstr (maximum, 10,42, 17, CO' . . '9' ] , ch) ; 
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clearf rame; 

message < 'PLEASE   WAIT'); 

controlsets ( strtoreal (maximum) ) ; 

if   flag2   then 

begin 

flag2  :=  false; 
goto  cont 
end; 

clear message 
end 
end; 

cont:  if   flagl   then 
begin 

tans  :=  chr (ord < tans) +1 ) ; 
clear message 
end 
end;  (of  while) 
cancel : 
END; 
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(*  *) 

<*  SEN5ANAL.DS5                          *) 

(*  *) 

(*  This  is  the  sensitivity  analysis  part  of  the  system.   *) 

(*  It   consists   of   procedures   for   control   strategy   *) 

(*  selection,  graphics  and  report  printouts.               ») 

<*  *) 


overlay  procedure  sensitivityanalysis; 
var 


a,b  :  plotarray; 

i  ,  j  ,  k, rn, ctrl no, 

maxNKrn, maxBCRrn  :  integer; 

maxNk, maxBCR, 

low, high, key  :  stringCIO]; 

idx  :  string  C2] ; 

ans, method, tc  :  char; 


(*  inputlimits  prompts  the  user  to  give  the  desired  cost 

range  within  which  the  set  files  will  be  searched.      *) 
procedure  inputlimits; 
begin 

clearf rame; 

case   method   of 

'W  :  totalcost  :=  wtotalcost; 

'P'  :  totalcost  :=  ptotalcost; 

'R'  :  totalcost  :=  rtotalcost 
end ; 

clear key ( index2) ; 
nextkey ( index2, rn, key ) ; 
getrec (file2,rn,st) ; 
ad j  uststr (st . Nk ) ; 
adjuststr (st .TCk) ; 

totaloss  :=  st rtoreal (st . Nk )  +  strtoreal (st . TCk ) ; 
gotoxy ( 19,7) ; 

write( 'Total  Damage   Due  To    Exposures  :', totaloss : 10 : 0) ; 
gotoxy ( 19,9) ; 

write( ' Maximum  Cost  in  the  Set  File      :', totalcost : 10 : 0) ; 
gotoxy (12,15) ; 

writeCGive  the   Cost  Range   over  which  the  Search  will  be 

done: ' ) ; 
gotoxy  (29,  17)  ;  writeCLow   Limit  :  S'  )  ; 
gotoxy (29, 19) ;  write('High  Limit  :  $'); 
repeat 

f illchar ( low, 10,0) ; 

f illchar(high, 10,0) ; 
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textbackground ( 14) ; 

textcolor (0) ; 

gotoxy (44, 17) ;  write (conststr < '  ',10)); 

gotoxy (44, 19) ;  write (conststr < '  ',10)); 

inputstr<low,10,44,17, C '0' . . '9' ] , tc) ; 

inputstr<high,10,44,19, C '0' . . ' 9' ] , tc) ; 

if   strtoreal (high)  <=  strtoreal ( low)   then 

begin 

message ('CHECK  YOUR  ENTRY.  "HIGH"  MUST  BE  GREATER  ' 

'THAN   "LOW"'); 
wait; 

clear message 
end 
until   strtoreal (high)  >  strtoreal ( low) ; 
while   length(low)  <  10   do 

insertC  ',low,D; 
while   length(high)  <  10   do 
insertC  ',high,D; 


(*  use  opens  the  files  most  commonly  used  in  the 

sensitivity  analysis  process.  ») 

procedure   use(cproblem  :  str8;  method  :  char); 
begin 

initindex; 

openf i le(filel, dr +cproblem+ ' . del ' , sizeof (ctrl) ) ; 

open index ( indexl ,dr+cproblem+' . icl ' , sizeof (ctrl. index) ,0) : 

openfile(file2, dr+cproblem+ ' . ' + method* ' dt ' , sizeof ( st ) ) ; 

openindex(index2,dr+cproblem+'  .  '  ♦  method  +■ '  ic '  , 

sizeof (st. Ck) ,  1  )  ; 
end ; 


(*  closefiles  closes  files  opened  with  the  use  procedure  *> 

procedure   closefiles; 

begin 

c 1 osef  ile(filel) ; 

close index ( indexl ) ; 

closef ile ( f i le2) ; 

close index ( index 2) ; 
end ; 

overlay  procedure   controlstrategy ; 
label 

cancel ; 
var 

tloss  :  real ; 

title  :  string [60] ; 
begin 

ans  : =  '  ' ; 

while   ans  <>  '4'   do 

begin 
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control strategy menu; 

select ('SELECT  1,2,3  or  4  :  ' , C ' 1 ' . . ' 4' ] , ans) ; 

if   ans  =  '1'   then 

helpCB'  ) 
else 

while   ans  <>  '4'   do 
begin 

clearf rame; 

select < 'SELECT  W)eighted,  P).e.r.t,  R)anking 

or    Q)uit: ' , C'W , 'P' , 'Q' , 'R'J , method) ; 

clearselect; 

if   method  =  'Q'   then  goto  cancel; 

openf  ile<f  ilel ,  dr  +  cproblein+  '  .  '  +method+  'dt'  , 

sizeof (st ) ) ; 
if   not   ok   then 
begin 

clearf rame; 

message ('YOU  MUST  RUN  THE  MODEL  FIRST'); 
wait; 

goto  cancel 
end; 

f illchar (maxNk, 10,0) ; 
f illchar (maxBCR, 10,0) ; 
case   method   of 

'W  :  title  :=  'WEIGHTED  METHOD: 
'P'  :  title  :=  'P.E.R.T.  METHOD: 
'R'  :  title  :=  'RANKING   METHOD: 
end;  (of  case) 
closef ile(f ilel) ; 
use (cproblem, method) ; 
inputlimits; 
key  : =  low; 

searchkey ( index2, rn, key ) ; 
if   ok  and  (key  <=  high)   then 
with   st   do 
begin 
repeat 

getrec(f ile2,rn, st ) ; 

adjuststr ( Nk) ; 

adjuststr (BCR) ; 

if   strtoreal (Nk)  >  strtoreal (maxNk)   then 

begin 

maxNk    : =  Nk ; 
maxNkrn  : =  rn 
end; 
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if     strtoreal(BCR)   >   strtoreal (maxBCR)     then 

begin 

maxBCR    :=  BCR; 
maxBCRrn  : =  rn 

end; 

next key  <  index2,rn, key) 
until   not  ok  or  (key  >  high); 
if   ana  =  '2'   then 
begin 

title  :=  title  ♦  'THE  MOST  EFFECTIVE  SET'; 

rn  : =  maxNkrn 
end; 

if   ans  =  '3'   then 
begin 

title  :=   title  +   'THE  MOST   COST  EFFECTIVE  SET'; 

rn  : =  maxBCRrn 
end ; 

clearf rame; 

f illchar (st,aizeof (at) ,0) ; 
gotoxy ( 10, 6) ;  write ( title) ; 
getrec (f i le2, rn , at ) ; 
3     :=  7; 

for  i  :=  1  to  maxctrl  do 
if  setcombCi]  <>  "  then 
begin 

3    •=   3   -  l; 

find key ( index 1 , rn, set comb  Ci ]  )  ; 

getrec(f ilel , rn,ctrl ) ; 

gotoxydO,  j  )  ;  write  (' CONTROL  ',idx,':  ', 

ctrl . description ) 
end ; 

if   j+8  >  21   then 
begin 

wait; 

clearf rame ; 

3  :=  7 
end; 

gotoxy(  3, j +2) ; write( ' Value  of  Control  Set  :',Vk) 
gotoxy (43, j+2) ;write( ' Cost  of  Control  Set  :',Ck) 
gotoxy(  3, j +3) ; write( 'Total  Expected  Benef it : ' , Nk ) 
gotoxy (43, 3 +3) ; write( 'Total  Expected  Cost  :',TCk) 
gotoxy (25, 3+5) ;write( 'Benef it  Cost  Ratio  :',BCR) 
gotoxy (12, 3+7) ; 
write( 'Prior  Expected  Damage  Due  to  Exposures:', 

totaloss:8:0) ; 
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adjuststr ( Vk) ; 

tloss  :=  totaloss  -  atrtoreal(Vk); 

gotoxy (12, j+8) ; 

write ('Post   Expected  Damage  Due  to  Exposures:', 

tloss:8:0) ; 
wait; 

cloaef ilea 
end  (of  if/with) 
else 
begin 

message ('THERE   IS   NO   ANY  SET  WITHIN  THAT  RANGE'); 
wait 
end 
end;  (of  while) 
cancel : 
end  (of  while) 
end; 
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overlay  procedure   graphics; 
label 

cancel ; 
var 

ans  :  char; 

title  :  string C163 ; 

currentaction   :  string [40]; 

Ylmin, Ylmax, 

Y2min, Y2max, 

tempi , temp2 , 

prevCk, prevBCR, 

prevTCK  :  real; 

bestsetl , 

bestset2,i      :  integer; 

flagl,flag2     rboolean; 

(*  computegraph  computes  the  values  of  the  plotarrays 
which  will  be  used  by  the  makegraph  procedure  to 
draw  the  graphs.  *) 

overlay  procedure   computegraph; 
var 

ti  :  integer; 
begin 

if   flag2   then 

ti  :=  MaxPlotGlb 
else 

ti  :=  24; 
use (cproblem, method) ; 
inputl imits; 

message < 'PLEASE  WAIT   FOR  THE   PREPARATION  OF  THE  GRAPH'); 
i  :=  0; 
key  :=  low; 

search key ( index2, rn, key) ; 
Ylmin  :=  9.99E+20; 
Ylmax  :=  0.0; 
Y2min  :=  9.99E+20; 
Y2max  :=  0.0; 

if   ok  and  (key  <=  high)   then 
with   st   do 
begin 
repeat 

if   i  <  ti   then 
begin 

getrec (f ile2 , rn , st ) ; 

adjuststr (key ) ; 

adjuststr (BCR) ; 

ad j uststr ( TCk) ; 

tempi  :=   strtoreal (BCR) ; 

temp2  :=  strtoreal (TCk) ; 
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if   strtoreal(key)  =  aCi,l] 
begin 

if   tempi  >  aCi,2]   then 
aCi,2]  :=  tempi; 

if   temp2  <  b[i,2]   then 
bCi,2]  :=  temp2 
end 
else 
begin 

i  :=  i  +  1; 


then 


=  strtoreal (key ) ; 

=  strtoreal (key ) ; 

=  tempi; 

=  temp2 


a[i,l] 
b[i,13 
aCi,2] 
bCi,23 
end; 

if   Ylmax  <  tempi   then 
begin 

Ylmax     : =  tempi ; 
bestsetl  : =  rn 
end; 
if   Ylmin  >  tempi   then 

Ylmin  :=  tempi; 
if   Y2min  >  temp2   then 
begin 

Y2min  :=  temp2; 
bestset2  : =  rn 
end ; 

if  Y2max  <  temp2   then 
Y2max  : =  temp2 
end; 

next key ( index2, rn, key) 
until   not  ok  or  (i  =  ti)  or  (key  >  high); 
if   (i  =  ti)  and  (key  <  high)  and  ok  then 
begin 

high  :=  key; 

message (' Cannot  Graph   All  Sets.  Cost  Range  Has  Been', 

Adjusted'); 
wait 
end 
end  (of  if/with) 
else 
begin 

message ( 'THERE   IS   NO   ANY   SET   WITHIN   THAT   RANGE'); 
flagl  :=  true; 
wait; 

clearf rame 
end 
end ; 
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overlay  procedure   makegraph; 
var 

3        :  integer; 
step     :  real; 
numtext  :  string [73; 
begin 

if   i  <  2   then 

message ('CANNOT   MAKE   GRAPH   WITH   LESS   THAN   2  SETS') 
else 
begin 

initgraphic; 

setbreakof f ; 

set messageof f ; 

setlinestyle (0) ; 

setf oregroundcolor (0) ; 

(*  draw  the  first  graph  (upper  left  side)  ») 

def inewindow( 1 , 0, 0, trunc (Xmaxglb/1 .5) , trunc (Ymaxglb/2) )  ; 

def  ineheaderd,  'BENEFIT  COST  RATIO  VS  COST  FOR  '+title); 

if   flag2   then 

begin 

def ineworld(l,a  [1,13/1. 02, Ylmin/l.l,a[i,13»l. 02, 

Ylmax*l .1) ; 
selectwindow( 1 ) ; 
selectworld ( 1) ; 
set header on; 
setbackground (0) ; 
drawborder ; 

drawaxis(9,9,0,0,0,0,0,0,false) ; 
drawpolygon (a, 1,1,4,1,0) 
end 
else 
begin 

def ineworld(l,a [1,1] ,Ylmin/l.l,aCi,l] ,Ylmax*1.2); 

selectwindow ( 1 ) ; 

selectworld ( 1) ; 

setheaderon; 

setbackground (0) ; 

drawborder ; 

drawhistogram (a, i, true, 4); 

drawtextW(a CI, 13 , Ylmax*0.07  +  Ylmin/1.1,1, 

'Costs  below   are  in  Thousands  of  Dollars  (rounded)'); 

f illchar ( numtext , sizeof (numtext) ,0) ; 

step  :=  (a Ci , 1] -a  CI, 1]  )  /  i; 

for   3  : =  1  to  i   do 

begin 

str (round (a  [3 , 13 /1000) : 7, numtext) ; 
adjuststr (numtext ) ; 

drawtextW(a [1,13  +step* (3-D , Ylmax»0. 18  +  Ylmin/l.l,l, 

'  '+  copy (numtext , 1 , length (numtext )) ) 
end 
end ; 
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<»  draw  the  second  graph  at  the  lower  left  side 

of  the  screen .  *  ) 

def inewindow(2, trunc(Xmaxglb/3) , truncC Ymaxglb/2) , 

Xmaxglb, Ymaxglb) ; 
def ineheader(2, 'TOTAL  EXPECTED  COST  VS  COST  OF  CONTROL', 

'  /  '♦  title); 
if   flag2   then 
begin 

flag2  :=  false; 

defineworld(2,bCl,l] /l .02, Y2min/1 .02, b Ci , 1] *1.02, 

Y2max*1.02) ; 
selectwindow ( 2) ; 
selectworld (2) ; 
set header on; 
setbackground (0) ; 
drawborder ; 

drawaxis (9,9, 0,0, 0,0, 0,0, false) ; 
drawpolygon  (b,l,i,4,l,0) 
end 
else 
begin 

def ineworld(2,b[l,l] , Y2min/1 .l,bCi,l] ,Y2max*l .2) ; 

selectwindow (2) ; 

selectworld (2) ; 

setheaderon ; 

setbackground (0) ; 

drawborder ; 

drawhistogram (b, i , true, 4) ; 

drawtextW(bCl,l] , Y2max*0.07  + 

'Costs  below  are  in  Thousands 

f illchar (numtext , sizeof < numtext ) ,0) ; 

step  :=  <bCi,13 -bCl,l] )  /  i; 

for   3  : =  1  to  i   do 

begin 

str < round <b [j , 13 /1000) : 7, numtext) ; 
adjuststr (numtext ) ; 

drawtextW  (b  [1 , 1]  -"-step*  (  j  -1 )  ,  Y2max*0  .  18  +  Y2min/1 . 1,1, 

'  '+  copy (numtext, 1 , length (numtext) ) ) 


Y2min/l.l, 1, 

of   Dollars  (rounded)'); 


end 
end; 

gotoxy (55, 1 ) 
gotoxy (59,2) 
gotoxy (59,3) 
gotoxy (55, 4) 
getrec(f ile2 
adjuststr ( st 
adjuststr (st 
gotoxy (60,8) 
gotoxy (59,9) 


write( 'GRAPHS  OVER  THE  RANGE:'); 

write('Low  :'+  low); 

writeCHigh:  '  +  high); 

write (' Number  of  Sets  :',i:3); 
bestsetl , st ) ; 
BCR)  ; 
Ck)  ; 

write('<<==  THE  BEST  SET  '); 

writeCBCR  :  ',st.BCR); 


gotoxy  (59,  10)  ;  writeCCost  of  set  :  ',st.Ck); 
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getrec(f ile2, bestset2,st) ; 
adjuatstr (at .TCk) ; 
adjuststr (st . Ck) ; 

gotoxy(5,18) ;  writeCTHE  BEST  SET  =  =  >>'); 
gotoxy(l,20) ;  write (' Expected  coat:  ',at.TCk>; 
gotoxy  (1,21) ;  writeCCoat   of   set:  ',3t.Ck); 
gotoxy  ( 1 ,  24)  ;  writeCpress  any  key  ...'); 
setf oregroundcolor (2)  ; 
read (kbd, ana) ; 
leavegraphic; 
textmode; 
textcolor (x) ; 
makef rame; 

problemfield (cproblem) ; 
action (currentaction) ; 
putdate 
end; 

cloaef ilea; 
end ; 

begin   {  of  graphics) 
ana   : =  '  ' ; 

flagl  :=  false; 
flag2  :=  false; 

while   ana  <>  '4'   do 
begin 

graph ic3inenu ; 

select ( 'SELECT   1,2,3  or  4  :  ' , C ' 1 ' . . ' 4 ' ] , ans) ; 
if   ana  =  '1'   then 
helpCG'  )  ; 

while   (ans  <>  '1')  and  (ans  <>  '4')   do 
begin 

select ( 'SELECT  W)eighted,  P).e.r.t,  R)anking 

or  Q)uit:  ', C W ,' P' ,' Q' ,' R' ], method) ; 
if   method  =  'Q'   then   goto  cancel; 
openf ile (f ilel , dr + cproblem + ' . ' + method + ' dt ' , 

sizeof (at) ) ; 

if   not   ok   then 
begin 

clearf rame; 

message ('YOU  MUST  RUN  THE  MODEL  FIRST'); 

wait; 

goto   cancel 
end ; 
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if   ok   then 
begin 

if   usedrecs (f ilel >  <  2   then 
begin 

clearframe; 

message < 'CANNOT   MAKE    GRAPH   WITH   LESS   THAN   2 

SETS' ) ; 
closef iieCf ilel ) ; 
wait; 

closef ile(f ilel) ; 
goto  cancel 
end; 
closef ile(f ilel ) ; 


case   method   of 


'W'  :  title 

'P'  :  title 

'R'  :  title 

end  (of  case) 


=  'WEIGHTED  METHOD 
=  'P.E.R.T.  METHOD 
=  'RANKING   METHOD 


end;  (of  if  ok) 

case   ans   of 
'2'  :  begin 

currentaction  :=  'GRAPHICS  /  CURVE'; 

action (currentaction) ; 

f lag2  : =  true; 

computegraph; 

if   not  flagl   then 

makegraph; 
flagl  :=  false; 
ans  :=  '2' 
end; 
'3'  :  begin 

currentaction   :=   'GRAPHICS   /   HISTOGRAM'; 

action (currentaction) ; 

computegraph; 

if   not  flagl   then 

makegraph ; 
flagl  :=  false; 
ans  :=  '3' 
end 
end  (of  case) 

end;  (of  while) 
cancel : 
end  (of  while) 
end ; 
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overlay  procedure  printfiles; 
var 

ans  :  char; 


overlay  procedure 
var 


controlef f ectable; 


string [80] ; 
string  C2] ; 
integer; 


header 
idx 
i 
begin 

actionC 'PRINTER  /  CONTROL  TABLE'); 
f illchar (ce, sizeof (ce) , 0) ; 
f i llchar ( header , sizeof (header ) ,0) ; 
writelndst, #12, 'D  E  C  I  S  I  0  N 

writeln < 1st, conststr< ' -' ,47) :63) ; 
writeln  < 1st) ; 

writelndst, 'COST   EFFECTIVENESS 
writeln (1st, 'FOR' :41) ; 
writelndst,  'CONTROL   &   SECURITY 


s  u 

P  P 

0  R  T 

9 

'S 

Y  S 

T  E  M 

' :62) ; 

ANALYSIS' 

' :54) ; 

OF 

COMPUTER 

P 

4 

'SYSTEMS' :62) ; 

writeln ( 1st) ; 
writeln ( 1st) ; 
writelndst,  'CONTROL 


ACTIVITIES    FOR   WORK   ' -cproblem ) ; 


openf ile(f ilel , dr+cproblem+ ' .del ' , sizeof (ctrl ) ) ; 
open index ( index 1 , dr +cproblem+ ' . icl ' , 

sizeof (ctrl . index) , 0) ; 
ctrlno  :=  usedrecs(filel); 
clear key ( index 1 ) ; 
header  :=  'EXPOSURE  !   '; 
i  :  =  0; 
repeat 

nextkeyC  index 1 , rn, idx) ; 

if   ok   then 

begin 

i  :  =  i  ♦  1  ; 

getrec ( f i lei , rn, ctrl ) ; 
writeln  < 1st, ctr 1 . index, ' 
ceCi]  :=  ctrl. effect; 
=  ctrl . cost; 
:=  header  +  ctrl . index 


,ctrl .description) ; 


ccti] 
header 
end 
until   not  ok; 
closef ile(f ilel ) ; 
closeindex < indexl ) ; 
writeln ( 1st) ; 
writeln  < 1st) ; 
writelndst, 'EXPOSURES  FOR  WORK  '-^cproblem); 
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openf ile(f ilel ,dr+cproblem+ ' .dxp' ,sizeof (expsr ) ) ; 
open index ( index 1 , dr  +  cproblem+ ' . ixp'  , 

sizeof (expsr . index) ,  0) ; 
clearkey ( indexl ) ; 
repeat 

next key ( indexl ,  rn, idx) ; 

if   ok   then 

begin 

getrec(f ilel ,rn, expsr) ; 

write In ( 1st, expsr . index, '  ' , expsr .description) 

end 
until   not  ok; 
closef ile(f ilel)  ; 
closeindex < indexl ) ; 
writeln< 1st) ; 
writeln(lst) ; 
writelnC 1st) ; 

writeln(lst,conststr ( ' =' ,80) ) ; 
writelndst, 'EFFECTIVENESS  OF  CONTROL  a(i)   ON  EXPOSURE  ', 

'e(i) ' :70) ; 
writeln ( 1st , header ) ; 
writeln ( 1st , const str ( ' -' ,80) ) ; 
for   i  : =  1  to  expno   do 
begin 

writedst,  i  :6,  '     !  '  )  ; 

for  j     :=  1  to  ctrlno   do 
writedst,  cefo  ,  i]  :6,  '  '); 

writeln  < 1st) ; 
end; 

writeln ( 1st) ; 
writedst, 'COST  ad)!'); 
for   i  :=  1  to  ctrlno  do 

write < 1st, str tor eal <cc  Ci] ): 6 : 0, '  ' ) ; 
writeln  < 1st) ; 

writeln( 1st ,conststr ( ' =' ,80) ) 
end  ; 


overlay  procedure  exposuretable; 
begin 

action( 'PRINTER  /  EXPOSURE  TABLE'); 

writeln (1st, #12, 'DECISION    SUPPORT 

writeln ( 1st , conststr ( ' -' ,47) :63) ; 

writeln ( 1st) ; 

writelndst,  'COST   EFFECTIVENESS   ANALYSIS'  :  54  )  ; 

writeln (1st, 'FOR' :41) ; 

writelndst, 'CONTROL   &   SECURITY   OF 


SYSTEM' :53) 


COMPUTER 

SYSTEMS. ' :62) ; 


writeln ( 1st) ; 
writeln ( 1st)  ; 
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writelndst, 'EXPECTED  LOSSES  CAUSED  BY  EXPOSURES  FOR  WORK' 

«■ '  ' +cproblem :66) ; 
i  :  =  9; 
writeln ( 1st) ; 
writeln < 1st) ; 
writeln  < 1st) ; 

openf ile (f ilel ,dr+cproblem+ '  .dxp'  ,  sizeof  (expsr )  )  ; 
open index ( index 1 , dr+cproblem+ ' . ixp' , 

sizeof (expsr . index) , 0) ; 
writelndst, 'THE  WEIGHTED  METHOD' :48); 
writeln < 1st , conststr ( ' = ' ,80) ) ; 
writelndst, 'POTENTIAL  ERRORS' :  37,  '  AMOUNT  0F':28, 

'PROB/TY  OF' :15) ; 
writelndst,  'DAMAGE'  :64,  'OCCURENCE'  :15); 
writeln ( 1st , conststr ( ' - ' , 80) ) ; 
clearkey < indexl ) ; 
3    :=  17; 
with   expsr   do 
repeat 

next key ( indexl ,rn,idx); 
if   ok   then 
begin 

3  :=  j  ♦  1; 

getrec( filel , rn, expsr ) ; 
k  :=  50  -  length (description) ; 

writeln ( 1st , index , '      ', description , conststr ( '   ',k), 

damage  111, probabi 1 ity : 12) 
end 
until   not  ok; 

writeln ( 1st , conststr ( ' = ' ,80) ) ; 
i  :=  3    -    i  *  2; 
if   j  +  i  >  56   then 

write( 1st, #12) ; 
writeln ( 1st) 
writeln ( 1st ) 
writeln ( 1st) 
writelndst, 'THE  P.E.R.T   METH0D':48); 
writeln (1st, conststr ( ' = ' ,80) ) ; 

writelndst, 'POTENTIAL   ERRORS'  :  37  ,' AMOUNT  OF  DAMAGE'  :37); 
writelndst, 'smallest'  :  61,  'm .  likely'  :10,'  largest'  :9)  ; 
writeln (1st, conststr ( ' - ' ,80) )  ; 
clearkey ( indexl ) ; 
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with   expsr   do 
repeat 

nextkey ( index 1 ,rn, idx) ; 

if   ok   then 

begin 

getrec (f ilel ,rn, expsr ) ; 
k  :=  50  -  length (description) ; 

writeln ( 1st, index, '    ', description, conststr ( '    ',k), 

smallest : 8, most likely: 10, largest : 9) 
end 
until   not  ok; 

writeln (1st, conststr < '  =  ' ,80) )  ; 
writeln ( 1st) 
writeln ( 1st) 
writeln(lst) 

writelndst,  'THE  RANKING   METHOD' :48); 
wr i teln (1st, conststr ('=' ,80) ) ; 
writelndst,  'POTENTIAL  ERRORS'  :37, 

'ESTIMATION 
writelndst, 'OF  OCCURENCE  AND  DAMAGE' 
writelndst, 'Rank  P':65,'Rank  Q':ll); 
wri teln (1st, conststr ( ' - ' ,80) ) ; 
clearkey ( indexl ) ; 
with   expsr   do 
repeat 

nextkey ( indexl ,rn, idx) ; 

if   ok   then 

begin 

getrec ( f i lei , rn , expsr ) ; 
k  :=  50  -  length ( description) ; 

writeln ( 1st , index, '      ', description , conststr ( '   ',k), 

rankP: ll,rankQ: 11 ) 
end 
until   not  ok; 

writeln(lst,conststr( ' ='  ,80)  )  ; 
closef ile (f ilel ) ; 
close index ( indexl ) 
end ; 


OF  PROBABILITY' :42) ; 
78)  ; 
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overlay  procedure   printsetf ile; 
label 

cancel ; 
var 

method 

i, 3 ,k,rn 

mthd 

header 
begin 

action< 'PRINTER  /  SET  FILE' ) ; 

f illchar( mthd, sizeof < mthd) ,0) ; 

f illchar (header , sizeof (header ) ,0) ; 

f illchar (comb, sizeof (comb) , 0) ; 

select( 'SELECT     W)eighted,   P).e.r.t   or   R)anking 

C'W  ,  'P'  ,  'R'  ]  , method)  ; 


char; 
integer; 
string  [17] ; 
string [80] ; 


case   method  of 
'W  :  begin 

mthd  :=  'WEIGHTED  METHOD:  '; 
comb  :=  wcombindex 
end; 
'P'  :  begin 

mthd  :=  'P.E.R.T.  METHOD:  '; 
comb  :=  pcombindex 
end; 
'R'  :  begin 

mthd  :=  'RANKING   METHOD: 
comb  :=  rcombindex 
end 
end;  (of  case) 

openf ile (f ilel , dr +cproblem+ ' . ' + method + ' dt ' , sizeof (st ) ) 
if   not  ok   then 
begin 

message ( 'THERE  IS  NO  FILE  FOR  THE  '+mthd>; 
goto  cancel 
end 
else 

closef ile (f ilel ) ; 
write(lst,#12) ; 
writeln ( 1st) ; 
writeln ( 1st) ; 
writelndst,  'D    ECISION  SUPPORT 

SYSTEM' :62) ; 
writeln ( 1st , const str ( ' - ' ,47) :63) ; 
writeln ( 1st) ; 

writelndst, 'COST   EFFECTIVENESS   ANALYSIS'  :  54  >  ; 
writelndst,  'FOR'  :41)  ; 
writelndst, 'CONTROL   S.   SECURITY   OF   COMPUTER 

SYSTEMS. ' :62) ; 
writeln ( 1st) ; 
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writeln  < 1st) ; 

wr±teln< 1st, mthd+' CONTROL   SETS   FOR   WORK  ' +cproblem : 62) ; 

writeln  < 1st) ; 

writeln ( 1st) ; 

writelndst,  'CONTROL   ACTIVITIES   USED    BY    THE   CONTROL 

SETS: ' ) ; 
openf ile(f ilel ,dr+cproblem+ ' . del ' , sizeof (ctrl ) ) ; 
open index ( index 1 , dr+cproblem+ ' . icl ' , sizeof (ctrl . index) ,0) ; 
clearkey ( indexl ) ; 
3     :=  14; 

for   i  : =  1  to  maxctrl   do 
if   combCiD  <>  "   then 
begin 

f indkey  <  indexl , rn, comb  Ci] ) ; 

if   ok   then 

begin 

getrec(f ilel ,rn, ctrl )  ; 

writeln  < 1st, ctrl . index,  '  :  ' ,ctrl. description) ; 

3     '=    3     +  1 

end 
end;  (of  for/if) 
closef ile (f ilel ) ; 
closeindex ( indexl ) ; 
writeln ( 1st) ; 
writeln ( 1st) ; 
header  :=  '  CONTROL  ACTIVITIES  '+ 

VALUE  '+'       COST  '+'■   EXP. COST  '+'   BCR'; 
writeln ( 1st , header ) ; 
writeln < 1st, conststr < ' - ' ,80) ) ; 

openf i le ( f i lei , dr+cproblem+ ' . ' + method* ' dt ' , sizeof (st ) ) ; 
open index  <  indexl , dr  +  cproblem+ '  . ' + met hod* 'ic' , 

sizeof (st. Ck) , 1) ; 
clearkey < indexl ) ; 
3     •=    3    -  4; 
k  :  =  1; 
with   st   do 
repeat 

next key ( indexl , rn , idx ) ; 

if   ok   then 

begin 

3    :=  3    *   i; 

if  j     >    56   then 
begin 

3     :=  5; 

k  :=  k  *  1; 

write<lst,#12) ; 

write(lst,mthd+'CONTROL  SETS  FOR  WORK  '+ 

cproblem:50) ; 

writeClst, ' page  ':24,k:2); 

writeln ( 1st) ; 


146 


writeln ( 1st) ; 
writeln  < 1st) ; 
writeln  < 1st, header) ; 
writeln < 1st, conststr( ' -' ,80) ) 
end; 

getrec(f ilel , rn,st ) ; 
for   i  : =  1  to  maxctrl   do 
if   setcombCi]  <>  ' '   then 

write < 1st, set comb  Ci]+',') 
else 

writedst,'    '); 
write(lst,Vk:10,Ck:lO,TCk:lO,BCR:8) ; 
writeln ( 1st) 
end 
until   not  ok; 
writeln ( 1st) ; 
closef i le (f i lei ) ; 
closeindex ( indexl ) ; 
cancel : 
end ; 

begin   (of  printfiles) 
ans  :  =  '  ' ; 

while   ans  <>  '5'   do 
begin 

pr intmenu ; 

select ( 'SELECT  1,2,3,4  or  5  : ' , C ' 1 ' . . ' 5 ' ] , ans ) ; 

if   (ans  <>  '1')  and  (ans  <>  '5')   then 

begin 

clearf rame; 

message ( 'TURN  YOUR  PRINTER  ON.'); 
wait 
end; 
case   ans   of 

'1'  :  help( 'P' ) ; 
'2'  :  exposuretable ; 
'3'  :  controlef f ectable; 
'4'  :  pr intsetf ile; 
end  (of  case) 
end;  (of  while) 
end  ; 
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BEGIN    (OF  SENSITIVITYANALYSIS) 
f illchar (key, sizeof (key) ,  O) ; 
f illchar ( idx, sizeof ( idx) ,  0) ; 
ans  : =  '  ' ; 
while   ans  <>  '5'   do 
begin 

sensanalymenu; 

select ( 'SELECT    1,2,3,4    or    5   : ' ,  C '  1 '  .  .  ' 5 ' ]  , ans) ; 

case   ans   of 

'1'  :  help('S'); 

'2'  :  controlstrategy ; 

'3'  :  graphics; 

'4'  :  printfiles; 
end  (of  case) 

end;  (of  while) 
END; 
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procedure   help(ch  :  char); 

{$1-} 

var 

fl    :  text; 
line  :  string [80] ; 
i,j   :  integer; 
begin 

assign (fl, 'HELP' +ch+' .TXT' ) ; 

reset (f 1 ) ; 

if   IOresult  =  0   then 

begin 

clrscr ; 

i  :  =  0; 

while   not  eof(fl)   do 

begin 

read In (f 1 , line) ; 
wr iteln  < 1 ine) ; 
i  :  =  i  ♦  1  ; 
if   i  =  22   then 
begin 
wait ; 
i  :=  0; 
clrscr 
end; 

if   eof(fl)   then 
wait 
end; 
clrscr; 
raakef rame ; 
putdate; 

problemf ield (cproblent ) 
end 
end ; 
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